11241100x8000000000000000651124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:29.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ee7731397d4fd02021-12-21 12:19:29.192root 11241100x8000000000000000651125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f953c4ed74d2cc52021-12-21 12:19:29.193root 11241100x8000000000000000651126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576eed7649132af52021-12-21 12:19:29.193root 11241100x8000000000000000651127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:29.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbaa36ab316123c72021-12-21 12:19:29.692root 11241100x8000000000000000651128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6227d824e579dd252021-12-21 12:19:29.693root 11241100x8000000000000000651129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7573652f0d19fa8f2021-12-21 12:19:29.693root 11241100x8000000000000000651130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:30.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d6174074dd1e0a2021-12-21 12:19:30.192root 11241100x8000000000000000651131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed36b03305097bbc2021-12-21 12:19:30.193root 11241100x8000000000000000651132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa102c03dfdf2d02021-12-21 12:19:30.193root 11241100x8000000000000000651133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:30.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cc22017a7b57942021-12-21 12:19:30.692root 11241100x8000000000000000651134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc3347a1b6ea1472021-12-21 12:19:30.693root 11241100x8000000000000000651135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b85c72193e51f4d2021-12-21 12:19:30.693root 354300x8000000000000000651136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.105{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49824-false10.0.1.12-8000- 11241100x8000000000000000651137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.106{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fe58693cc854722021-12-21 12:19:31.106root 11241100x8000000000000000651138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.106{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6311a99d3f931c6c2021-12-21 12:19:31.106root 11241100x8000000000000000651139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.106{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e58bcb62a06e1e92021-12-21 12:19:31.106root 11241100x8000000000000000651140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.106{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda4ac458abea0652021-12-21 12:19:31.106root 11241100x8000000000000000651141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b86ffff4fe6ebb02021-12-21 12:19:31.442root 11241100x8000000000000000651142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb2f7df9715923b2021-12-21 12:19:31.443root 11241100x8000000000000000651143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4220a80fce98702021-12-21 12:19:31.443root 11241100x8000000000000000651144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccbce04dd6deb852021-12-21 12:19:31.443root 11241100x8000000000000000651145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53a729006a74f952021-12-21 12:19:31.942root 11241100x8000000000000000651146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bab8b1d45d5d2f82021-12-21 12:19:31.943root 11241100x8000000000000000651147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59f22a2d00ae5a32021-12-21 12:19:31.943root 11241100x8000000000000000651148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00db08ded6caffa2021-12-21 12:19:31.943root 11241100x8000000000000000651149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:32.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46094843e9a1c0f52021-12-21 12:19:32.442root 11241100x8000000000000000651150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8863bd22bbbd532021-12-21 12:19:32.443root 11241100x8000000000000000651151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87df3e5602d8dab62021-12-21 12:19:32.443root 11241100x8000000000000000651152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55076ee98a4fde8e2021-12-21 12:19:32.443root 11241100x8000000000000000651153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:32.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8286b8712fc29a732021-12-21 12:19:32.942root 11241100x8000000000000000651154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa85de2a02480d42021-12-21 12:19:32.943root 11241100x8000000000000000651155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e426c921f3a722e2021-12-21 12:19:32.943root 11241100x8000000000000000651156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b95e91fc2edb9982021-12-21 12:19:32.943root 11241100x8000000000000000651157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:33.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f389e55242b2962021-12-21 12:19:33.442root 11241100x8000000000000000651158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68733686833678b72021-12-21 12:19:33.443root 11241100x8000000000000000651159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57e01bf461ca2512021-12-21 12:19:33.443root 11241100x8000000000000000651160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb8de82374ccde92021-12-21 12:19:33.443root 11241100x8000000000000000651161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:33.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e595abe97fc148a62021-12-21 12:19:33.942root 11241100x8000000000000000651162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1e50e8ad227e992021-12-21 12:19:33.943root 11241100x8000000000000000651163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16065ecfdb6333f12021-12-21 12:19:33.943root 11241100x8000000000000000651164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105920cfb254f2ec2021-12-21 12:19:33.943root 11241100x8000000000000000651165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:34.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26883c627974d3f82021-12-21 12:19:34.442root 11241100x8000000000000000651166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92ca05dc4e776042021-12-21 12:19:34.443root 11241100x8000000000000000651167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3023da755398e3302021-12-21 12:19:34.443root 11241100x8000000000000000651168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e956bb37f9ab9b1a2021-12-21 12:19:34.443root 11241100x8000000000000000651169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:34.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5abcbb3e6ee3222021-12-21 12:19:34.942root 11241100x8000000000000000651170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35faab1d8dbe2d2b2021-12-21 12:19:34.943root 11241100x8000000000000000651171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab31a2c72da584d22021-12-21 12:19:34.943root 11241100x8000000000000000651172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9715838acefb33e2021-12-21 12:19:34.943root 11241100x8000000000000000651173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fca6b2423ede95d2021-12-21 12:19:35.448root 11241100x8000000000000000651174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a25ea3fa53487d2021-12-21 12:19:35.448root 11241100x8000000000000000651175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2163a6572020ecc2021-12-21 12:19:35.448root 11241100x8000000000000000651176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359bfd519ff7b48d2021-12-21 12:19:35.448root 11241100x8000000000000000651177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:35.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34d8fea956bffab2021-12-21 12:19:35.942root 11241100x8000000000000000651178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cd61bd96c5a9022021-12-21 12:19:35.943root 11241100x8000000000000000651179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cb3cda7801b7282021-12-21 12:19:35.943root 11241100x8000000000000000651180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4066ff455a404f32021-12-21 12:19:35.943root 11241100x8000000000000000651181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:19:36.143root 11241100x8000000000000000651182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4d8716dd7d9f4b2021-12-21 12:19:36.443root 11241100x8000000000000000651183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb98461988256fd2021-12-21 12:19:36.443root 11241100x8000000000000000651184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3691d97c45a01a602021-12-21 12:19:36.443root 11241100x8000000000000000651185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babf0c964ece69ba2021-12-21 12:19:36.443root 11241100x8000000000000000651186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be47dfb908a61c262021-12-21 12:19:36.443root 11241100x8000000000000000651187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41528a9695ae8062021-12-21 12:19:36.943root 11241100x8000000000000000651188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1099dfdf9b484f72021-12-21 12:19:36.943root 11241100x8000000000000000651189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fabeef2c72946d2021-12-21 12:19:36.943root 11241100x8000000000000000651190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a3079f0d26a2572021-12-21 12:19:36.943root 11241100x8000000000000000651191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3ac155a70d84db2021-12-21 12:19:36.943root 354300x8000000000000000651192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.024{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49826-false10.0.1.12-8000- 11241100x8000000000000000651193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe3cb4b00b49a952021-12-21 12:19:37.443root 11241100x8000000000000000651194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4fa75f9700b4892021-12-21 12:19:37.443root 11241100x8000000000000000651195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a6ef24287f8a582021-12-21 12:19:37.443root 11241100x8000000000000000651196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502236c10a795b052021-12-21 12:19:37.443root 11241100x8000000000000000651197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7a8034bd82f12e2021-12-21 12:19:37.443root 11241100x8000000000000000651198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79209c0e67c3047e2021-12-21 12:19:37.443root 11241100x8000000000000000651199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c93430d6e8144c22021-12-21 12:19:37.943root 11241100x8000000000000000651200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bbe09067379ee52021-12-21 12:19:37.943root 11241100x8000000000000000651201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fd6a5d6c71277a2021-12-21 12:19:37.943root 11241100x8000000000000000651202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9fb81f1246d61c2021-12-21 12:19:37.943root 11241100x8000000000000000651203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4efd7c555e923982021-12-21 12:19:37.943root 11241100x8000000000000000651204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223718c0755117bf2021-12-21 12:19:37.943root 11241100x8000000000000000651205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217ef1201e161c162021-12-21 12:19:38.443root 11241100x8000000000000000651206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ae2e730473af9b2021-12-21 12:19:38.443root 11241100x8000000000000000651207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc49f61948e7ec62021-12-21 12:19:38.443root 11241100x8000000000000000651208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaeb8daa614fa2362021-12-21 12:19:38.443root 11241100x8000000000000000651209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98faa854f46c15992021-12-21 12:19:38.443root 11241100x8000000000000000651210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcde883da42a6132021-12-21 12:19:38.443root 11241100x8000000000000000651211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb88574a86c2720b2021-12-21 12:19:38.943root 11241100x8000000000000000651212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3541286e4d6927a2021-12-21 12:19:38.943root 11241100x8000000000000000651213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2caf73ecc2fc36742021-12-21 12:19:38.943root 11241100x8000000000000000651214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be71cd405a14c11a2021-12-21 12:19:38.943root 11241100x8000000000000000651215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3347d4f48c8c0fcc2021-12-21 12:19:38.943root 11241100x8000000000000000651216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4824f4a7e8a6b0582021-12-21 12:19:38.943root 23542300x8000000000000000651217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000651218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374fbb5ba539f1ff2021-12-21 12:19:39.443root 11241100x8000000000000000651219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5fb59d181ceec52021-12-21 12:19:39.443root 11241100x8000000000000000651220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9772c5b0ebd17c1a2021-12-21 12:19:39.443root 11241100x8000000000000000651221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7424912f4a403c162021-12-21 12:19:39.443root 11241100x8000000000000000651222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876630b6770ad41e2021-12-21 12:19:39.443root 11241100x8000000000000000651223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11686e6aab89168a2021-12-21 12:19:39.443root 11241100x8000000000000000651224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68606e0cd33746c2021-12-21 12:19:39.443root 11241100x8000000000000000651225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f30a5b58200f062021-12-21 12:19:39.943root 11241100x8000000000000000651226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67f4fd593d04ff22021-12-21 12:19:39.943root 11241100x8000000000000000651227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7466a5ad67268df92021-12-21 12:19:39.943root 11241100x8000000000000000651228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4199149d3d1b9a7d2021-12-21 12:19:39.943root 11241100x8000000000000000651229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab54d20b6c4dd8962021-12-21 12:19:39.943root 11241100x8000000000000000651230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4cc16ae47339c32021-12-21 12:19:39.943root 11241100x8000000000000000651231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5708519e9198d67b2021-12-21 12:19:39.943root 11241100x8000000000000000651232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2201d21c68612e2021-12-21 12:19:40.443root 11241100x8000000000000000651233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0facccf5d8e97d2021-12-21 12:19:40.443root 11241100x8000000000000000651234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba2a2b2de32dbe32021-12-21 12:19:40.443root 11241100x8000000000000000651235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b02ef47fd80e39f2021-12-21 12:19:40.443root 11241100x8000000000000000651236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212d1d916867d35e2021-12-21 12:19:40.443root 11241100x8000000000000000651237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f524744ff1fe55132021-12-21 12:19:40.443root 11241100x8000000000000000651238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce29f1510ae30292021-12-21 12:19:40.443root 11241100x8000000000000000651239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3660beaa8adbf12021-12-21 12:19:40.943root 11241100x8000000000000000651240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0cfb4fbed4a5e92021-12-21 12:19:40.943root 11241100x8000000000000000651241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca006b97a9b75032021-12-21 12:19:40.943root 11241100x8000000000000000651242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6c8a972d02de1c2021-12-21 12:19:40.943root 11241100x8000000000000000651243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb137f27d1c696022021-12-21 12:19:40.943root 11241100x8000000000000000651244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4002503c1d9f012021-12-21 12:19:40.943root 11241100x8000000000000000651245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee9f173447c7dc22021-12-21 12:19:40.943root 11241100x8000000000000000651246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7faf60e297f4e9c62021-12-21 12:19:41.443root 11241100x8000000000000000651247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0192105094cdd3af2021-12-21 12:19:41.443root 11241100x8000000000000000651248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd462223ca748602021-12-21 12:19:41.443root 11241100x8000000000000000651249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713054f89258ee302021-12-21 12:19:41.443root 11241100x8000000000000000651250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cced564789e6672021-12-21 12:19:41.443root 11241100x8000000000000000651251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9873e4af6cd80a302021-12-21 12:19:41.443root 11241100x8000000000000000651252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644f5bc33fd059ec2021-12-21 12:19:41.443root 11241100x8000000000000000651253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4788981f204daa3e2021-12-21 12:19:41.943root 11241100x8000000000000000651254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a34fdfe3b52787f2021-12-21 12:19:41.943root 11241100x8000000000000000651255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb6972c5a64334b2021-12-21 12:19:41.943root 11241100x8000000000000000651256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd4739ad8b4579c2021-12-21 12:19:41.943root 11241100x8000000000000000651257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265be0546ea69b502021-12-21 12:19:41.943root 11241100x8000000000000000651258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fc3c55a1abbada2021-12-21 12:19:41.943root 11241100x8000000000000000651259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536d37f879c684ea2021-12-21 12:19:41.943root 354300x8000000000000000651260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.096{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49828-false10.0.1.12-8000- 11241100x8000000000000000651261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd7a02358ccdbef2021-12-21 12:19:42.443root 11241100x8000000000000000651262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a43ad889f4ececb2021-12-21 12:19:42.443root 11241100x8000000000000000651263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dd1d0c4f48b0df2021-12-21 12:19:42.443root 11241100x8000000000000000651264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c632dd71ffeb6f2021-12-21 12:19:42.443root 11241100x8000000000000000651265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b4e80564be6a0e2021-12-21 12:19:42.443root 11241100x8000000000000000651266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20ec013cb2c3b732021-12-21 12:19:42.444root 11241100x8000000000000000651267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0c2884fea9eccf2021-12-21 12:19:42.444root 11241100x8000000000000000651268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47332ab4735f39d62021-12-21 12:19:42.444root 11241100x8000000000000000651269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8789b0fada5793cd2021-12-21 12:19:42.943root 11241100x8000000000000000651270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c1c622224598d92021-12-21 12:19:42.944root 11241100x8000000000000000651271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7518127d2363f12021-12-21 12:19:42.944root 11241100x8000000000000000651272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d2e587c7244b062021-12-21 12:19:42.944root 11241100x8000000000000000651273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63956078ba044cd42021-12-21 12:19:42.944root 11241100x8000000000000000651274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ac519de11fbf152021-12-21 12:19:42.944root 11241100x8000000000000000651275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32267728a22a5aaa2021-12-21 12:19:42.944root 11241100x8000000000000000651276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37d8bc02d9a20c32021-12-21 12:19:42.945root 11241100x8000000000000000651277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575fba63b506bc8b2021-12-21 12:19:43.443root 11241100x8000000000000000651278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e179053e82ecc002021-12-21 12:19:43.443root 11241100x8000000000000000651279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffaaacf6d4c8bc972021-12-21 12:19:43.443root 11241100x8000000000000000651280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5532a0a0389517722021-12-21 12:19:43.443root 11241100x8000000000000000651281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15092c64b78c865b2021-12-21 12:19:43.443root 11241100x8000000000000000651282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed408f7a8a4981482021-12-21 12:19:43.443root 11241100x8000000000000000651283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771fe3919589c15c2021-12-21 12:19:43.443root 11241100x8000000000000000651284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad900042ce7248d2021-12-21 12:19:43.444root 11241100x8000000000000000651285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23dc3153953d68c2021-12-21 12:19:43.943root 11241100x8000000000000000651286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e48952c58ffe60a2021-12-21 12:19:43.943root 11241100x8000000000000000651287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f465367005138f2021-12-21 12:19:43.943root 11241100x8000000000000000651288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7b0fd1c4d507c02021-12-21 12:19:43.943root 11241100x8000000000000000651289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c5ec4a0c062e072021-12-21 12:19:43.943root 11241100x8000000000000000651290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccad47b5da6a1382021-12-21 12:19:43.943root 11241100x8000000000000000651291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3754c9a286901962021-12-21 12:19:43.944root 11241100x8000000000000000651292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae6d39c2eea6a932021-12-21 12:19:43.944root 11241100x8000000000000000651293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a35e2b18908ae32021-12-21 12:19:44.443root 11241100x8000000000000000651294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59433341609bc502021-12-21 12:19:44.443root 11241100x8000000000000000651295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e031610c79f53bf2021-12-21 12:19:44.443root 11241100x8000000000000000651296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c9d09d1950baee2021-12-21 12:19:44.443root 11241100x8000000000000000651297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ee43358e76ccd92021-12-21 12:19:44.443root 11241100x8000000000000000651298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1b909c11d6943c2021-12-21 12:19:44.443root 11241100x8000000000000000651299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791ace5e69415daa2021-12-21 12:19:44.443root 11241100x8000000000000000651300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e492f111fd2bbb92021-12-21 12:19:44.444root 11241100x8000000000000000651301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4c43ffdd5dd4e12021-12-21 12:19:44.943root 11241100x8000000000000000651302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d522c7d9b8ed15342021-12-21 12:19:44.943root 11241100x8000000000000000651303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986e1899bcd0f8932021-12-21 12:19:44.943root 11241100x8000000000000000651304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19059310c2204abb2021-12-21 12:19:44.943root 11241100x8000000000000000651305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba4267d8766f3c72021-12-21 12:19:44.943root 11241100x8000000000000000651306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d5fe18856c695c2021-12-21 12:19:44.943root 11241100x8000000000000000651307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c977e1950c46d92021-12-21 12:19:44.943root 11241100x8000000000000000651308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe5591a63d70f832021-12-21 12:19:44.944root 11241100x8000000000000000651309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6602d90dbeadbf2021-12-21 12:19:45.443root 11241100x8000000000000000651310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d9feb8db6af2fc2021-12-21 12:19:45.443root 11241100x8000000000000000651311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ab1af93433defc2021-12-21 12:19:45.443root 11241100x8000000000000000651312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88047d6cd5e295902021-12-21 12:19:45.443root 11241100x8000000000000000651313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557af3bdb90700702021-12-21 12:19:45.443root 11241100x8000000000000000651314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd2f74416f54a772021-12-21 12:19:45.444root 11241100x8000000000000000651315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982deb53e553fec02021-12-21 12:19:45.444root 11241100x8000000000000000651316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7545ffc8a151dd8b2021-12-21 12:19:45.444root 11241100x8000000000000000651317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8ba50a0e9a68062021-12-21 12:19:45.943root 11241100x8000000000000000651318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483ccd8ec2d95d952021-12-21 12:19:45.943root 11241100x8000000000000000651319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bc39dce7dd2ad32021-12-21 12:19:45.943root 11241100x8000000000000000651320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f359c8d1ee1de6d2021-12-21 12:19:45.943root 11241100x8000000000000000651321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbea35f990d7bf72021-12-21 12:19:45.943root 11241100x8000000000000000651322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32f3d1b62794fe12021-12-21 12:19:45.943root 11241100x8000000000000000651323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6f2967119bd1c12021-12-21 12:19:45.944root 11241100x8000000000000000651324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60eddb591f86e3632021-12-21 12:19:45.944root 11241100x8000000000000000651325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9c1fdc1b4d80552021-12-21 12:19:46.443root 11241100x8000000000000000651326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633b37bbaa1cd3aa2021-12-21 12:19:46.443root 11241100x8000000000000000651327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70463de5ab8d45b92021-12-21 12:19:46.443root 11241100x8000000000000000651328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e4cdf404e9d0cd2021-12-21 12:19:46.443root 11241100x8000000000000000651329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d043b11d5e9d110d2021-12-21 12:19:46.443root 11241100x8000000000000000651330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5992c11b1e972c412021-12-21 12:19:46.443root 11241100x8000000000000000651331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098eca63bf02ab432021-12-21 12:19:46.443root 11241100x8000000000000000651332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147b23c26e29926c2021-12-21 12:19:46.444root 11241100x8000000000000000651333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e896423539945f2021-12-21 12:19:46.943root 11241100x8000000000000000651334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e002106a7a02302021-12-21 12:19:46.943root 11241100x8000000000000000651335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd080c79e56a97872021-12-21 12:19:46.943root 11241100x8000000000000000651336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f13db35bc38dae2021-12-21 12:19:46.943root 11241100x8000000000000000651337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b196a5aeeb05632021-12-21 12:19:46.943root 11241100x8000000000000000651338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7671982eda60f632021-12-21 12:19:46.943root 11241100x8000000000000000651339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7645685a1ac126732021-12-21 12:19:46.943root 11241100x8000000000000000651340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d97061e7370ff2f2021-12-21 12:19:46.943root 354300x8000000000000000651341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.236{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49830-false10.0.1.12-8000- 11241100x8000000000000000651342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a771e218ffcea52021-12-21 12:19:47.237root 11241100x8000000000000000651343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0985ad299fc777c2021-12-21 12:19:47.237root 11241100x8000000000000000651344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c253566483b982b22021-12-21 12:19:47.237root 11241100x8000000000000000651345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34d68ec9f8f119d2021-12-21 12:19:47.237root 11241100x8000000000000000651346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca026a5db341fe82021-12-21 12:19:47.237root 11241100x8000000000000000651347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e35a0bf5b2ff2b2021-12-21 12:19:47.238root 11241100x8000000000000000651348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d3f5235b182b4b2021-12-21 12:19:47.238root 11241100x8000000000000000651349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b20ee6cc3375bf2021-12-21 12:19:47.238root 11241100x8000000000000000651350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4286fd6bffbf05f42021-12-21 12:19:47.238root 11241100x8000000000000000651351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ac56e55aef57172021-12-21 12:19:47.693root 11241100x8000000000000000651352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f75f9958a97535b2021-12-21 12:19:47.693root 11241100x8000000000000000651353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01be2a201ef51e782021-12-21 12:19:47.693root 11241100x8000000000000000651354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9b0c07d78612ca2021-12-21 12:19:47.693root 11241100x8000000000000000651355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64dbf34160d46e1b2021-12-21 12:19:47.693root 11241100x8000000000000000651356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc2e8d98cefbac72021-12-21 12:19:47.693root 11241100x8000000000000000651357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a06dd47791a1e82021-12-21 12:19:47.693root 11241100x8000000000000000651358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ff4952ff05f4ee2021-12-21 12:19:47.693root 11241100x8000000000000000651359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1633f0a6b87438322021-12-21 12:19:47.693root 11241100x8000000000000000651360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc6f839a69ece3f2021-12-21 12:19:48.193root 11241100x8000000000000000651361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678d63473437bfe42021-12-21 12:19:48.193root 11241100x8000000000000000651362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaf176d22742bbb2021-12-21 12:19:48.193root 11241100x8000000000000000651363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7b4d32d7ee57fd2021-12-21 12:19:48.193root 11241100x8000000000000000651364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2843945a5a1621a42021-12-21 12:19:48.193root 11241100x8000000000000000651365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608c3d8d7f25a8662021-12-21 12:19:48.193root 11241100x8000000000000000651366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6a4c03f7aae08f2021-12-21 12:19:48.193root 11241100x8000000000000000651367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cdb5a435cc44db2021-12-21 12:19:48.194root 11241100x8000000000000000651368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd17fe80450afeca2021-12-21 12:19:48.194root 11241100x8000000000000000651369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2eb6235111447a2021-12-21 12:19:48.693root 11241100x8000000000000000651370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ea6ed1360790592021-12-21 12:19:48.693root 11241100x8000000000000000651371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367ebc43b2298db92021-12-21 12:19:48.693root 11241100x8000000000000000651372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841b3d007ee780d52021-12-21 12:19:48.693root 11241100x8000000000000000651373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62445bcf2d20dda02021-12-21 12:19:48.693root 11241100x8000000000000000651374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42955b5901d8ec282021-12-21 12:19:48.693root 11241100x8000000000000000651375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc8f71493cec6e22021-12-21 12:19:48.693root 11241100x8000000000000000651376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8910b58d24b11ea72021-12-21 12:19:48.694root 11241100x8000000000000000651377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353fa40c928c4e432021-12-21 12:19:48.694root 11241100x8000000000000000651378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4863d06579b844692021-12-21 12:19:49.193root 11241100x8000000000000000651379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80724252d4be5732021-12-21 12:19:49.193root 11241100x8000000000000000651380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea383793caa4c8b2021-12-21 12:19:49.193root 11241100x8000000000000000651381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9391a658dd8137192021-12-21 12:19:49.193root 11241100x8000000000000000651382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486d4db7530f40042021-12-21 12:19:49.194root 11241100x8000000000000000651383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c60b573eb03ee052021-12-21 12:19:49.194root 11241100x8000000000000000651384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73360eb6c4c3d23d2021-12-21 12:19:49.194root 11241100x8000000000000000651385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9787be251d7669882021-12-21 12:19:49.194root 11241100x8000000000000000651386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1c6fece37cfb632021-12-21 12:19:49.194root 11241100x8000000000000000651387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd104ea42b2342b32021-12-21 12:19:49.693root 11241100x8000000000000000651388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5aca9e77f40da8f2021-12-21 12:19:49.693root 11241100x8000000000000000651389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da0a5c1b03cdef32021-12-21 12:19:49.693root 11241100x8000000000000000651390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04ac450e156e6982021-12-21 12:19:49.693root 11241100x8000000000000000651391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653e3d41c7da59d12021-12-21 12:19:49.694root 11241100x8000000000000000651392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078dc346a76831cc2021-12-21 12:19:49.694root 11241100x8000000000000000651393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b893b58ef99afc2021-12-21 12:19:49.694root 11241100x8000000000000000651394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2464b93d05f4eb032021-12-21 12:19:49.694root 11241100x8000000000000000651395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f58c987c38c604d2021-12-21 12:19:49.694root 11241100x8000000000000000651396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d85b613ca65e062021-12-21 12:19:50.193root 11241100x8000000000000000651397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6754e0dd32f47e5a2021-12-21 12:19:50.193root 11241100x8000000000000000651398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe07eae469e3dad22021-12-21 12:19:50.193root 11241100x8000000000000000651399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bcf40e770463012021-12-21 12:19:50.193root 11241100x8000000000000000651400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8c789c509b3b4d2021-12-21 12:19:50.193root 11241100x8000000000000000651401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82460393f25a73aa2021-12-21 12:19:50.194root 11241100x8000000000000000651402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc80e04ff9a0961c2021-12-21 12:19:50.194root 11241100x8000000000000000651403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d8029255d6093a2021-12-21 12:19:50.194root 11241100x8000000000000000651404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49def7907b1084fc2021-12-21 12:19:50.194root 11241100x8000000000000000651405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14bca176850e29b2021-12-21 12:19:50.693root 11241100x8000000000000000651406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b292db0dfd8f8cf2021-12-21 12:19:50.693root 11241100x8000000000000000651407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab8855e1900523f2021-12-21 12:19:50.693root 11241100x8000000000000000651408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df937c40ac8432a2021-12-21 12:19:50.693root 11241100x8000000000000000651409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8ff881789f06282021-12-21 12:19:50.693root 11241100x8000000000000000651410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e30a1651f9a10952021-12-21 12:19:50.693root 11241100x8000000000000000651411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3523c02e713df52021-12-21 12:19:50.693root 11241100x8000000000000000651412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661e541b25271bdb2021-12-21 12:19:50.693root 11241100x8000000000000000651413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ead530ad7a708b2021-12-21 12:19:50.693root 11241100x8000000000000000651414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321dec3bfc5fcd232021-12-21 12:19:51.193root 11241100x8000000000000000651415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5eebaa45115f8c2021-12-21 12:19:51.193root 11241100x8000000000000000651416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d014ef83dce99bd82021-12-21 12:19:51.193root 11241100x8000000000000000651417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218b9b2ec6476b022021-12-21 12:19:51.193root 11241100x8000000000000000651418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf890eb3eb1cb79b2021-12-21 12:19:51.193root 11241100x8000000000000000651419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3887085e78525e982021-12-21 12:19:51.193root 11241100x8000000000000000651420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee54c9db909573b2021-12-21 12:19:51.193root 11241100x8000000000000000651421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f85a9834cd1dfbb2021-12-21 12:19:51.193root 11241100x8000000000000000651422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0715386eb70afb7c2021-12-21 12:19:51.193root 11241100x8000000000000000651423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef842153d3a7955f2021-12-21 12:19:51.693root 11241100x8000000000000000651424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e15b3db932de8f2021-12-21 12:19:51.693root 11241100x8000000000000000651425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab17b34aed013872021-12-21 12:19:51.693root 11241100x8000000000000000651426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ad53d5839d94d52021-12-21 12:19:51.693root 11241100x8000000000000000651427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743ebe713e2a40702021-12-21 12:19:51.693root 11241100x8000000000000000651428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d67f2cd2bdbe57d2021-12-21 12:19:51.693root 11241100x8000000000000000651429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779ecefa12abf3372021-12-21 12:19:51.693root 11241100x8000000000000000651430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75a0170ce6bfede2021-12-21 12:19:51.693root 11241100x8000000000000000651431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25b8a984fcc282d2021-12-21 12:19:51.693root 11241100x8000000000000000651432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe69b9474053e2d2021-12-21 12:19:52.193root 11241100x8000000000000000651433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9461b24e9e9b9fb2021-12-21 12:19:52.193root 11241100x8000000000000000651434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d9b793a800885e2021-12-21 12:19:52.193root 11241100x8000000000000000651435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd30cf96b761d7f52021-12-21 12:19:52.193root 11241100x8000000000000000651436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba24b331c0a66552021-12-21 12:19:52.193root 11241100x8000000000000000651437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0ea748c577c8f82021-12-21 12:19:52.193root 11241100x8000000000000000651438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f21632b92aa6492021-12-21 12:19:52.193root 11241100x8000000000000000651439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c155ad6d105e5c2021-12-21 12:19:52.193root 11241100x8000000000000000651440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea94729b7efa0cd2021-12-21 12:19:52.193root 11241100x8000000000000000651441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8652a4d517b64ea2021-12-21 12:19:52.692root 11241100x8000000000000000651442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b449b2c941b9fc2021-12-21 12:19:52.693root 11241100x8000000000000000651443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eada59653843b4612021-12-21 12:19:52.693root 11241100x8000000000000000651444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f02df6ba105cb52021-12-21 12:19:52.693root 11241100x8000000000000000651445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bace75b40da848872021-12-21 12:19:52.693root 11241100x8000000000000000651446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c35ced0c39a9ff2021-12-21 12:19:52.693root 11241100x8000000000000000651447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe44a65f14d73532021-12-21 12:19:52.693root 11241100x8000000000000000651448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f854ebd57ce8dcb2021-12-21 12:19:52.693root 11241100x8000000000000000651449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8b2d893514045f2021-12-21 12:19:52.693root 354300x8000000000000000651450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.083{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49832-false10.0.1.12-8000- 11241100x8000000000000000651451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a61793e50a569972021-12-21 12:19:53.083root 11241100x8000000000000000651452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93f316f5418dc2b2021-12-21 12:19:53.084root 11241100x8000000000000000651453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290239443657bb1d2021-12-21 12:19:53.084root 11241100x8000000000000000651454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4923957d5b88341e2021-12-21 12:19:53.084root 11241100x8000000000000000651455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a72d64f684055fc2021-12-21 12:19:53.084root 11241100x8000000000000000651456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0efa7820daa02e2021-12-21 12:19:53.084root 11241100x8000000000000000651457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0f7f555c9f6a962021-12-21 12:19:53.084root 11241100x8000000000000000651458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bfd33338b5894d2021-12-21 12:19:53.084root 11241100x8000000000000000651459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6929de1cb8a6ee9b2021-12-21 12:19:53.085root 11241100x8000000000000000651460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970c57683bd674562021-12-21 12:19:53.085root 11241100x8000000000000000651461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8565a2d32b84f532021-12-21 12:19:53.443root 11241100x8000000000000000651462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74da650cb7676e0b2021-12-21 12:19:53.443root 11241100x8000000000000000651463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8047832f90e44abe2021-12-21 12:19:53.443root 11241100x8000000000000000651464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3203b81dd044dab2021-12-21 12:19:53.443root 11241100x8000000000000000651465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c12843fa06f4272021-12-21 12:19:53.443root 11241100x8000000000000000651466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4a51696a0df3b02021-12-21 12:19:53.444root 11241100x8000000000000000651467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3765ac36aacf21042021-12-21 12:19:53.444root 11241100x8000000000000000651468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0791503452ec4c362021-12-21 12:19:53.444root 11241100x8000000000000000651469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb72f29370fd875f2021-12-21 12:19:53.444root 11241100x8000000000000000651470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e6cd2dec35830f2021-12-21 12:19:53.444root 11241100x8000000000000000651471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2f337d187adc702021-12-21 12:19:53.943root 11241100x8000000000000000651472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8aff1f9cca7025a2021-12-21 12:19:53.943root 11241100x8000000000000000651473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f9a2cdf1ebe4e82021-12-21 12:19:53.943root 11241100x8000000000000000651474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c632ee6c1f0491412021-12-21 12:19:53.943root 11241100x8000000000000000651475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791b121404d68bfd2021-12-21 12:19:53.943root 11241100x8000000000000000651476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3369db53de584392021-12-21 12:19:53.944root 11241100x8000000000000000651477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c03063b8ef1c122021-12-21 12:19:53.944root 11241100x8000000000000000651478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad5d27cbc1c7f372021-12-21 12:19:53.944root 11241100x8000000000000000651479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fd5e8503c3146d2021-12-21 12:19:53.944root 11241100x8000000000000000651480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea1df93c00e82cc2021-12-21 12:19:53.945root 11241100x8000000000000000651481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c86ec2f161ae9d2021-12-21 12:19:54.443root 11241100x8000000000000000651482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d255a631620f192021-12-21 12:19:54.443root 11241100x8000000000000000651483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4701f76644d54a62021-12-21 12:19:54.443root 11241100x8000000000000000651484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023b8acdec40ada72021-12-21 12:19:54.443root 11241100x8000000000000000651485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2aa4d031b558822021-12-21 12:19:54.443root 11241100x8000000000000000651486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9135249fc62dc02021-12-21 12:19:54.443root 11241100x8000000000000000651487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22ce58a5bf6baf52021-12-21 12:19:54.443root 11241100x8000000000000000651488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781d5e8dfd7d72c42021-12-21 12:19:54.443root 11241100x8000000000000000651489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1331d159a6776692021-12-21 12:19:54.444root 11241100x8000000000000000651490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd833777c2e6a912021-12-21 12:19:54.444root 11241100x8000000000000000651491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c2546f5934e28d2021-12-21 12:19:54.943root 11241100x8000000000000000651492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c627de904165d3d92021-12-21 12:19:54.943root 11241100x8000000000000000651493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddae0b7b7a2bc4082021-12-21 12:19:54.943root 11241100x8000000000000000651494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de665e2b9bf1ff02021-12-21 12:19:54.943root 11241100x8000000000000000651495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f1e65da031eb2f2021-12-21 12:19:54.943root 11241100x8000000000000000651496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c8c17e658873ba2021-12-21 12:19:54.944root 11241100x8000000000000000651497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81020cbcabc436c2021-12-21 12:19:54.944root 11241100x8000000000000000651498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6ed51a2d57e6f62021-12-21 12:19:54.944root 11241100x8000000000000000651499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b24237044e1bdb72021-12-21 12:19:54.944root 11241100x8000000000000000651500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db52fce0b65bca0b2021-12-21 12:19:54.944root 11241100x8000000000000000651501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6be7d44f8486b82021-12-21 12:19:55.443root 11241100x8000000000000000651502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f17a79026389dd2021-12-21 12:19:55.443root 11241100x8000000000000000651503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ca88e53c34ff632021-12-21 12:19:55.443root 11241100x8000000000000000651504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2a4e0b929334252021-12-21 12:19:55.443root 11241100x8000000000000000651505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35af698cb0b02602021-12-21 12:19:55.443root 11241100x8000000000000000651506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2ed0838c882b902021-12-21 12:19:55.443root 11241100x8000000000000000651507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9b021480d1b9102021-12-21 12:19:55.443root 11241100x8000000000000000651508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7e04d755f133122021-12-21 12:19:55.443root 11241100x8000000000000000651509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa33de6e9dce5512021-12-21 12:19:55.443root 11241100x8000000000000000651510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a939c5eed0a34772021-12-21 12:19:55.444root 11241100x8000000000000000651511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534b5ff7e4ec24ba2021-12-21 12:19:55.943root 11241100x8000000000000000651512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c279acb781b25b32021-12-21 12:19:55.943root 11241100x8000000000000000651513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ffdbe62912c90d2021-12-21 12:19:55.943root 11241100x8000000000000000651514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b1e0daac4abd2d2021-12-21 12:19:55.943root 11241100x8000000000000000651515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fc84b0d883540a2021-12-21 12:19:55.943root 11241100x8000000000000000651516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600eda75e2158f492021-12-21 12:19:55.943root 11241100x8000000000000000651517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1c602ec5c7ef2d2021-12-21 12:19:55.944root 11241100x8000000000000000651518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3c6b97796f88cd2021-12-21 12:19:55.944root 11241100x8000000000000000651519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a702daf4b386628c2021-12-21 12:19:55.944root 11241100x8000000000000000651520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2579da18e68c812021-12-21 12:19:55.944root 11241100x8000000000000000651521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752fdbe6f22090dd2021-12-21 12:19:56.443root 11241100x8000000000000000651522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5a64e9ee4f560e2021-12-21 12:19:56.443root 11241100x8000000000000000651523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7274bd4865e35f682021-12-21 12:19:56.443root 11241100x8000000000000000651524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf24c2218c9bba02021-12-21 12:19:56.443root 11241100x8000000000000000651525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22e0b3dfc9f5a332021-12-21 12:19:56.443root 11241100x8000000000000000651526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e688a16b2e0e71792021-12-21 12:19:56.443root 11241100x8000000000000000651527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb12a7ca731862e2021-12-21 12:19:56.444root 11241100x8000000000000000651528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85dd504ae4c06b52021-12-21 12:19:56.444root 11241100x8000000000000000651529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bf173a20fba1e02021-12-21 12:19:56.444root 11241100x8000000000000000651530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa268b3d24f970892021-12-21 12:19:56.444root 11241100x8000000000000000651531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7287c1e6a257d9d2021-12-21 12:19:56.943root 11241100x8000000000000000651532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0476694151cee32021-12-21 12:19:56.943root 11241100x8000000000000000651533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c85f1068cb57c452021-12-21 12:19:56.943root 11241100x8000000000000000651534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f93ca4350f8fd4a2021-12-21 12:19:56.943root 11241100x8000000000000000651535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e6ceefa7011a762021-12-21 12:19:56.943root 11241100x8000000000000000651536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f3d0b80350a0832021-12-21 12:19:56.944root 11241100x8000000000000000651537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5631474c40c90d2021-12-21 12:19:56.944root 11241100x8000000000000000651538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16386da41df71afb2021-12-21 12:19:56.944root 11241100x8000000000000000651539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcee39c000b96a3f2021-12-21 12:19:56.944root 11241100x8000000000000000651540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a28f8200f18e5912021-12-21 12:19:56.944root 11241100x8000000000000000651541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489fc01cff43b1b52021-12-21 12:19:57.442root 11241100x8000000000000000651542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b018980f4c1dd6ce2021-12-21 12:19:57.443root 11241100x8000000000000000651543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c78b7f2dfe87b12021-12-21 12:19:57.443root 11241100x8000000000000000651544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a0f735c739c8502021-12-21 12:19:57.443root 11241100x8000000000000000651545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b913affd1d2d74072021-12-21 12:19:57.443root 11241100x8000000000000000651546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac48e4b50e4d0492021-12-21 12:19:57.443root 11241100x8000000000000000651547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f405a64b3353132021-12-21 12:19:57.444root 11241100x8000000000000000651548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793137af3773b4372021-12-21 12:19:57.444root 11241100x8000000000000000651549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be390980af4f0882021-12-21 12:19:57.444root 11241100x8000000000000000651550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8290057fea3f2d32021-12-21 12:19:57.444root 11241100x8000000000000000651551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0513e93147941ae2021-12-21 12:19:57.943root 11241100x8000000000000000651552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa97c96d9b4694542021-12-21 12:19:57.943root 11241100x8000000000000000651553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada5cae95c7f072b2021-12-21 12:19:57.943root 11241100x8000000000000000651554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfba1f55dc135b92021-12-21 12:19:57.943root 11241100x8000000000000000651555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e060a20c1b4fb42021-12-21 12:19:57.943root 11241100x8000000000000000651556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890abbfe29fd47a62021-12-21 12:19:57.943root 11241100x8000000000000000651557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6db9af826285b7c2021-12-21 12:19:57.943root 11241100x8000000000000000651558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6737df0e404a2042021-12-21 12:19:57.943root 11241100x8000000000000000651559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af27c2b8e6f456e2021-12-21 12:19:57.943root 11241100x8000000000000000651560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12a9ccb8dfa5f522021-12-21 12:19:57.943root 354300x8000000000000000651561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.206{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49834-false10.0.1.12-8000- 11241100x8000000000000000651562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75bcb5df7eac5ee2021-12-21 12:19:58.207root 11241100x8000000000000000651563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d86e90455a2f7f2021-12-21 12:19:58.207root 11241100x8000000000000000651564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02912e0ff15dcb8f2021-12-21 12:19:58.207root 11241100x8000000000000000651565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c047424162aab0862021-12-21 12:19:58.207root 11241100x8000000000000000651566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dce8c259262b13d2021-12-21 12:19:58.207root 11241100x8000000000000000651567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03bca9075a1b6a62021-12-21 12:19:58.207root 11241100x8000000000000000651568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239e215497b449a42021-12-21 12:19:58.208root 11241100x8000000000000000651569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8896177097470e8d2021-12-21 12:19:58.208root 11241100x8000000000000000651570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd683a4b4b2a3c332021-12-21 12:19:58.208root 11241100x8000000000000000651571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21532c29f2b45cf82021-12-21 12:19:58.208root 11241100x8000000000000000651572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341688bc0e3de2a02021-12-21 12:19:58.208root 11241100x8000000000000000651573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119ed5858510d4012021-12-21 12:19:58.208root 11241100x8000000000000000651574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e871c108a4407fa2021-12-21 12:19:58.693root 11241100x8000000000000000651575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294f91165e6f288e2021-12-21 12:19:58.693root 11241100x8000000000000000651576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b2df753e74290a2021-12-21 12:19:58.693root 11241100x8000000000000000651577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6cbb2269a0f3432021-12-21 12:19:58.693root 11241100x8000000000000000651578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f931fd06159929112021-12-21 12:19:58.693root 11241100x8000000000000000651579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c728acbb2744fbfb2021-12-21 12:19:58.693root 11241100x8000000000000000651580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16dad1c93aa23b92021-12-21 12:19:58.693root 11241100x8000000000000000651581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8030d5e62c5bb6722021-12-21 12:19:58.694root 11241100x8000000000000000651582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24df35ce9dd25682021-12-21 12:19:58.694root 11241100x8000000000000000651583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e334ad6bcd98902021-12-21 12:19:58.694root 11241100x8000000000000000651584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38b8061004e64022021-12-21 12:19:58.694root 11241100x8000000000000000651585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60732e5ac011692f2021-12-21 12:19:59.193root 11241100x8000000000000000651586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f07ef5b9f2ecbe62021-12-21 12:19:59.193root 11241100x8000000000000000651587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f330fd87377ba5282021-12-21 12:19:59.193root 11241100x8000000000000000651588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb0b8c0f44eaeba2021-12-21 12:19:59.193root 11241100x8000000000000000651589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65498281f99a20f72021-12-21 12:19:59.193root 11241100x8000000000000000651590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e3bac94c7b0d142021-12-21 12:19:59.193root 11241100x8000000000000000651591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904913a2f65898892021-12-21 12:19:59.193root 11241100x8000000000000000651592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1498396c2d715e2e2021-12-21 12:19:59.193root 11241100x8000000000000000651593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28834d0168c4edc92021-12-21 12:19:59.193root 11241100x8000000000000000651594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55cabd8aeff449c2021-12-21 12:19:59.193root 11241100x8000000000000000651595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dbc3893ab450f22021-12-21 12:19:59.193root 11241100x8000000000000000651596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b687f8cca358a1702021-12-21 12:19:59.693root 11241100x8000000000000000651597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf5e0419a1491742021-12-21 12:19:59.693root 11241100x8000000000000000651598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a8868c0c594cbb2021-12-21 12:19:59.693root 11241100x8000000000000000651599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a10ef9fa888dd02021-12-21 12:19:59.693root 11241100x8000000000000000651600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ddcff45f8a01a42021-12-21 12:19:59.693root 11241100x8000000000000000651601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a2f1f96c29bfef2021-12-21 12:19:59.693root 11241100x8000000000000000651602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cf5d53d74bfec72021-12-21 12:19:59.693root 11241100x8000000000000000651603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d4c58e1aa923a92021-12-21 12:19:59.694root 11241100x8000000000000000651604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31598bc35ec335992021-12-21 12:19:59.694root 11241100x8000000000000000651605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eaf5628b19d351b2021-12-21 12:19:59.694root 11241100x8000000000000000651606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a9d1abeb6659232021-12-21 12:19:59.694root 11241100x8000000000000000651607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f06857a021c746e2021-12-21 12:20:00.193root 11241100x8000000000000000651608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683263c195a5f6822021-12-21 12:20:00.193root 11241100x8000000000000000651609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59be3fbef7ed875f2021-12-21 12:20:00.193root 11241100x8000000000000000651610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e4faea589ee1f12021-12-21 12:20:00.193root 11241100x8000000000000000651611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e3f7c471a8aa462021-12-21 12:20:00.193root 11241100x8000000000000000651612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be876cccc2df98852021-12-21 12:20:00.193root 11241100x8000000000000000651613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaec00906dda8ad2021-12-21 12:20:00.193root 11241100x8000000000000000651614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c375d915b930baf2021-12-21 12:20:00.193root 11241100x8000000000000000651615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbbf2baa54b10da2021-12-21 12:20:00.193root 11241100x8000000000000000651616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a000444c23f2e002021-12-21 12:20:00.193root 11241100x8000000000000000651617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efabe86640a2b6fc2021-12-21 12:20:00.193root 11241100x8000000000000000651618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e2fdf94429123e2021-12-21 12:20:00.693root 11241100x8000000000000000651619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5752bd4072bb33ad2021-12-21 12:20:00.693root 11241100x8000000000000000651620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9678931001aeec832021-12-21 12:20:00.693root 11241100x8000000000000000651621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21630fb6c909ddf02021-12-21 12:20:00.693root 11241100x8000000000000000651622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4798715b644a5db62021-12-21 12:20:00.693root 11241100x8000000000000000651623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ebfb86a01d122f2021-12-21 12:20:00.693root 11241100x8000000000000000651624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cc13adcfdeb0392021-12-21 12:20:00.693root 11241100x8000000000000000651625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52bb1e719894bd22021-12-21 12:20:00.693root 11241100x8000000000000000651626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6d0b80aceebc002021-12-21 12:20:00.693root 11241100x8000000000000000651627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1d67780680048d2021-12-21 12:20:00.693root 11241100x8000000000000000651628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6af17d98db3b072021-12-21 12:20:00.693root 11241100x8000000000000000651629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528d886ca3d006d32021-12-21 12:20:01.193root 11241100x8000000000000000651630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4441312b4ec8a92021-12-21 12:20:01.193root 11241100x8000000000000000651631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f9640416288ac72021-12-21 12:20:01.193root 11241100x8000000000000000651632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce700e89068c6552021-12-21 12:20:01.193root 11241100x8000000000000000651633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470acc9c4b031e9b2021-12-21 12:20:01.193root 11241100x8000000000000000651634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdbb1cf92470ca42021-12-21 12:20:01.193root 11241100x8000000000000000651635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64927a34b3b2e7432021-12-21 12:20:01.194root 11241100x8000000000000000651636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174ff59a4b51fbd32021-12-21 12:20:01.194root 11241100x8000000000000000651637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5446ea63360386fb2021-12-21 12:20:01.194root 11241100x8000000000000000651638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145530bfe18062ea2021-12-21 12:20:01.194root 11241100x8000000000000000651639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09447ea69d1535e2021-12-21 12:20:01.194root 11241100x8000000000000000651640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda181af43c2a33a2021-12-21 12:20:01.693root 11241100x8000000000000000651641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a15de7a3efe20c82021-12-21 12:20:01.693root 11241100x8000000000000000651642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c285d684127d2df2021-12-21 12:20:01.693root 11241100x8000000000000000651643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f0744701c796ea2021-12-21 12:20:01.693root 11241100x8000000000000000651644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74970ee4845cff602021-12-21 12:20:01.693root 11241100x8000000000000000651645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63811a10ce24f2a22021-12-21 12:20:01.693root 11241100x8000000000000000651646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44a991aa451b0da2021-12-21 12:20:01.693root 11241100x8000000000000000651647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c6e0135c9607052021-12-21 12:20:01.693root 11241100x8000000000000000651648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb658f107364acc2021-12-21 12:20:01.693root 11241100x8000000000000000651649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a954aef13f16249b2021-12-21 12:20:01.693root 11241100x8000000000000000651650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b226bf501eac69b22021-12-21 12:20:01.693root 11241100x8000000000000000651651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7065fff2326744b12021-12-21 12:20:02.193root 11241100x8000000000000000651652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbc1c9062425c4e2021-12-21 12:20:02.193root 11241100x8000000000000000651653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c6aeb059a044b82021-12-21 12:20:02.193root 11241100x8000000000000000651654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d870a9c2a8a4c42021-12-21 12:20:02.193root 11241100x8000000000000000651655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216e42325b2c03f02021-12-21 12:20:02.193root 11241100x8000000000000000651656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8249b3236d2c12342021-12-21 12:20:02.193root 11241100x8000000000000000651657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87974be85dbbca62021-12-21 12:20:02.193root 11241100x8000000000000000651658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657aa57452e262532021-12-21 12:20:02.193root 11241100x8000000000000000651659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b916034ecbf6b8db2021-12-21 12:20:02.194root 11241100x8000000000000000651660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb2d600aff608dd2021-12-21 12:20:02.194root 11241100x8000000000000000651661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f2e69a29147ec92021-12-21 12:20:02.194root 11241100x8000000000000000651662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de979beb4f355a882021-12-21 12:20:02.693root 11241100x8000000000000000651663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fd706b18bea2df2021-12-21 12:20:02.693root 11241100x8000000000000000651664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4474d5543db6c82021-12-21 12:20:02.693root 11241100x8000000000000000651665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12585b233b27cfe82021-12-21 12:20:02.693root 11241100x8000000000000000651666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737e25a8315750c42021-12-21 12:20:02.693root 11241100x8000000000000000651667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd54ad7a8673c9c52021-12-21 12:20:02.693root 11241100x8000000000000000651668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054fe5113a856cfb2021-12-21 12:20:02.693root 11241100x8000000000000000651669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26af86d63625b7552021-12-21 12:20:02.693root 11241100x8000000000000000651670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59cf9db2d5e62f02021-12-21 12:20:02.693root 11241100x8000000000000000651671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6005142692e04dd2021-12-21 12:20:02.694root 11241100x8000000000000000651672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e622839579f1af2021-12-21 12:20:02.694root 11241100x8000000000000000651673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e47a6639e752362021-12-21 12:20:03.193root 11241100x8000000000000000651674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c401ce6a56094a2021-12-21 12:20:03.193root 11241100x8000000000000000651675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d18ac5cee53f4382021-12-21 12:20:03.193root 11241100x8000000000000000651676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73a7cff9b8ca4212021-12-21 12:20:03.193root 11241100x8000000000000000651677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4f1872e1d365cc2021-12-21 12:20:03.193root 11241100x8000000000000000651678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b3c2bccd9d56912021-12-21 12:20:03.193root 11241100x8000000000000000651679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed5cb168d2803822021-12-21 12:20:03.193root 11241100x8000000000000000651680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09f1ee24800cddf2021-12-21 12:20:03.194root 11241100x8000000000000000651681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050049b6a3e10d112021-12-21 12:20:03.194root 11241100x8000000000000000651682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92804b88f413e1992021-12-21 12:20:03.194root 11241100x8000000000000000651683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dbd7575a79ede92021-12-21 12:20:03.194root 11241100x8000000000000000651684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8626a0675c3d0b522021-12-21 12:20:03.693root 11241100x8000000000000000651685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5816012f7821ee542021-12-21 12:20:03.693root 11241100x8000000000000000651686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c1bbb904951d0b2021-12-21 12:20:03.693root 11241100x8000000000000000651687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53255d5743667a12021-12-21 12:20:03.693root 11241100x8000000000000000651688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41ce05e8be6095e2021-12-21 12:20:03.693root 11241100x8000000000000000651689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9c7f570411b36f2021-12-21 12:20:03.693root 11241100x8000000000000000651690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df34121b346adbaf2021-12-21 12:20:03.693root 11241100x8000000000000000651691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e61efb3a76f72a2021-12-21 12:20:03.693root 11241100x8000000000000000651692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cae415882220bd72021-12-21 12:20:03.693root 11241100x8000000000000000651693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e78ba7e591bd0ac2021-12-21 12:20:03.693root 11241100x8000000000000000651694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5413d2c27a2639652021-12-21 12:20:03.693root 354300x8000000000000000651695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.156{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49836-false10.0.1.12-8000- 11241100x8000000000000000651696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e4b8d097ff8c5e2021-12-21 12:20:04.157root 11241100x8000000000000000651697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f2f1476f8b993a2021-12-21 12:20:04.157root 11241100x8000000000000000651698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e2cb0f9bdec28f2021-12-21 12:20:04.157root 11241100x8000000000000000651699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0b11d4546e716d2021-12-21 12:20:04.157root 11241100x8000000000000000651700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61743554c6e4f592021-12-21 12:20:04.157root 11241100x8000000000000000651701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ce578bbae3706e2021-12-21 12:20:04.157root 11241100x8000000000000000651702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605477f8677367dc2021-12-21 12:20:04.158root 11241100x8000000000000000651703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6f27cd8c36c9d92021-12-21 12:20:04.158root 11241100x8000000000000000651704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c8821e4c031ae82021-12-21 12:20:04.158root 11241100x8000000000000000651705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c89fbdd5f903b762021-12-21 12:20:04.158root 11241100x8000000000000000651706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56085630a9375ff82021-12-21 12:20:04.158root 11241100x8000000000000000651707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32abf23a36074802021-12-21 12:20:04.158root 11241100x8000000000000000651708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7fe3dbbdf92ed22021-12-21 12:20:04.158root 11241100x8000000000000000651709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41829ff0e801f9312021-12-21 12:20:04.158root 11241100x8000000000000000651710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c1127ca0603ab32021-12-21 12:20:04.158root 11241100x8000000000000000651711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6de5c75eb6770882021-12-21 12:20:04.158root 11241100x8000000000000000651712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f2b48ee4a67d002021-12-21 12:20:04.158root 11241100x8000000000000000651713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed815e96dabb3d62021-12-21 12:20:04.159root 11241100x8000000000000000651714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838783b08edbb3332021-12-21 12:20:04.443root 11241100x8000000000000000651715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e7696159bcbb442021-12-21 12:20:04.443root 11241100x8000000000000000651716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fdde0fdf8d0b352021-12-21 12:20:04.443root 11241100x8000000000000000651717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e9d2e947b51aed2021-12-21 12:20:04.443root 11241100x8000000000000000651718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d746ece5618e9632021-12-21 12:20:04.443root 11241100x8000000000000000651719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f159094e8a276de2021-12-21 12:20:04.443root 11241100x8000000000000000651720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8b9c1fd7b482632021-12-21 12:20:04.443root 11241100x8000000000000000651721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a50b19d22032cc2021-12-21 12:20:04.443root 11241100x8000000000000000651722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7bf7608de745e22021-12-21 12:20:04.444root 11241100x8000000000000000651723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e8ea1c0e56b0202021-12-21 12:20:04.444root 11241100x8000000000000000651724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a3f420dfb0f9482021-12-21 12:20:04.444root 11241100x8000000000000000651725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683d1a347192e9972021-12-21 12:20:04.444root 11241100x8000000000000000651726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bff4a629a3477592021-12-21 12:20:04.943root 11241100x8000000000000000651727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0819b62303bf5f732021-12-21 12:20:04.943root 11241100x8000000000000000651728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a4251c13e19a382021-12-21 12:20:04.943root 11241100x8000000000000000651729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd4e1c974385bbe2021-12-21 12:20:04.943root 11241100x8000000000000000651730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02606108a71cdbdc2021-12-21 12:20:04.943root 11241100x8000000000000000651731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862d50adc0a269be2021-12-21 12:20:04.943root 11241100x8000000000000000651732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bebdba77a6cb592021-12-21 12:20:04.943root 11241100x8000000000000000651733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dcc1dc94fdaf602021-12-21 12:20:04.944root 11241100x8000000000000000651734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cbae0f6dae35682021-12-21 12:20:04.944root 11241100x8000000000000000651735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94f88e95070cb4f2021-12-21 12:20:04.944root 11241100x8000000000000000651736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39ef1e98aa39fe52021-12-21 12:20:04.944root 11241100x8000000000000000651737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f09b4ac485682682021-12-21 12:20:04.944root 11241100x8000000000000000651738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da1ab4987aa8ca42021-12-21 12:20:05.443root 11241100x8000000000000000651739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b707cc4b882946982021-12-21 12:20:05.443root 11241100x8000000000000000651740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443c284e471ee2962021-12-21 12:20:05.443root 11241100x8000000000000000651741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a96052aab306d42021-12-21 12:20:05.443root 11241100x8000000000000000651742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547d88ecca75f3d62021-12-21 12:20:05.443root 11241100x8000000000000000651743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416396d2eb5535372021-12-21 12:20:05.444root 11241100x8000000000000000651744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61799b220b1fae772021-12-21 12:20:05.444root 11241100x8000000000000000651745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f080c12d257c1a2021-12-21 12:20:05.444root 11241100x8000000000000000651746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d64cd26b09c4b32021-12-21 12:20:05.444root 11241100x8000000000000000651747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9082af1acbf6e03f2021-12-21 12:20:05.444root 11241100x8000000000000000651748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ad1af4fcbf830d2021-12-21 12:20:05.444root 11241100x8000000000000000651749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01b5ed77d6ff1362021-12-21 12:20:05.445root 11241100x8000000000000000651750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ff8a782d7cd6e42021-12-21 12:20:05.943root 11241100x8000000000000000651751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ed5e659bf34aa52021-12-21 12:20:05.943root 11241100x8000000000000000651752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c650d5942eb6b232021-12-21 12:20:05.943root 11241100x8000000000000000651753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92a8d046a133fa52021-12-21 12:20:05.943root 11241100x8000000000000000651754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7dbfe64c60f2af22021-12-21 12:20:05.943root 11241100x8000000000000000651755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b653c45b4540da2021-12-21 12:20:05.943root 11241100x8000000000000000651756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c03054a6fb0eb22021-12-21 12:20:05.943root 11241100x8000000000000000651757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8297a602fbdb7872021-12-21 12:20:05.943root 11241100x8000000000000000651758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a70fd1f92c0c1e2021-12-21 12:20:05.943root 11241100x8000000000000000651759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589ed0895d06b5792021-12-21 12:20:05.944root 11241100x8000000000000000651760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef931c2592dd1d4b2021-12-21 12:20:05.944root 11241100x8000000000000000651761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ed384b29fab0d82021-12-21 12:20:05.944root 11241100x8000000000000000651762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:20:06.143root 11241100x8000000000000000651763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39e50d7b7ae89c32021-12-21 12:20:06.443root 11241100x8000000000000000651764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cf4a3dda95384b2021-12-21 12:20:06.443root 11241100x8000000000000000651765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7097065afd03bac92021-12-21 12:20:06.443root 11241100x8000000000000000651766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f969e8fc5d16f0f72021-12-21 12:20:06.443root 11241100x8000000000000000651767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc5ed17ebafcf802021-12-21 12:20:06.443root 11241100x8000000000000000651768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1202c872b89c7a2021-12-21 12:20:06.443root 11241100x8000000000000000651769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9a0940d1de6e3d2021-12-21 12:20:06.444root 11241100x8000000000000000651770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9163020bba35762021-12-21 12:20:06.444root 11241100x8000000000000000651771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556cf07b6fadbe782021-12-21 12:20:06.444root 11241100x8000000000000000651772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da34d9a29c6fdd602021-12-21 12:20:06.444root 11241100x8000000000000000651773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115acf2a63c6b8492021-12-21 12:20:06.444root 11241100x8000000000000000651774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb71b02156474352021-12-21 12:20:06.444root 11241100x8000000000000000651775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc537b4eb574290b2021-12-21 12:20:06.444root 11241100x8000000000000000651776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd11bdd7da5600d2021-12-21 12:20:06.943root 11241100x8000000000000000651777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f301c55acf6b42ad2021-12-21 12:20:06.943root 11241100x8000000000000000651778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097e2fc93f0c964d2021-12-21 12:20:06.943root 11241100x8000000000000000651779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c260da6349bc881a2021-12-21 12:20:06.943root 11241100x8000000000000000651780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ae19ac5cbf8edc2021-12-21 12:20:06.943root 11241100x8000000000000000651781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d40a6675aaf92a2021-12-21 12:20:06.943root 11241100x8000000000000000651782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57ffc00f2ac88832021-12-21 12:20:06.943root 11241100x8000000000000000651783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba2d2562b8d29282021-12-21 12:20:06.943root 11241100x8000000000000000651784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af44e8d31a0c65492021-12-21 12:20:06.943root 11241100x8000000000000000651785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8921aba3eb7e5b502021-12-21 12:20:06.943root 11241100x8000000000000000651786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bd3270eff4a5982021-12-21 12:20:06.943root 11241100x8000000000000000651787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4617b2e689bada92021-12-21 12:20:06.943root 11241100x8000000000000000651788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2f91df9b82587d2021-12-21 12:20:06.944root 11241100x8000000000000000651789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5cbd9b728c777b2021-12-21 12:20:07.443root 11241100x8000000000000000651790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300b7e6bd0ac70932021-12-21 12:20:07.443root 11241100x8000000000000000651791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6721f45eb66ebdc42021-12-21 12:20:07.443root 11241100x8000000000000000651792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a735cb1b71b0299c2021-12-21 12:20:07.443root 11241100x8000000000000000651793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6189a92698ea714f2021-12-21 12:20:07.443root 11241100x8000000000000000651794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb6b19ef5dd072f2021-12-21 12:20:07.443root 11241100x8000000000000000651795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67c1a8d06c5bc5b2021-12-21 12:20:07.444root 11241100x8000000000000000651796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6293c5bb89dbe6742021-12-21 12:20:07.444root 11241100x8000000000000000651797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d52b802a6612db62021-12-21 12:20:07.444root 11241100x8000000000000000651798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c6a07b5681ff662021-12-21 12:20:07.444root 11241100x8000000000000000651799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e8d8a6f89883e82021-12-21 12:20:07.444root 11241100x8000000000000000651800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f75f02521cc8502021-12-21 12:20:07.444root 11241100x8000000000000000651801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c7bc196d3d40dd2021-12-21 12:20:07.444root 11241100x8000000000000000651802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29145095421b8b6d2021-12-21 12:20:07.943root 11241100x8000000000000000651803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda2f959e5f60cf02021-12-21 12:20:07.943root 11241100x8000000000000000651804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bd8e4327e091962021-12-21 12:20:07.943root 11241100x8000000000000000651805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55c49d23eda27df2021-12-21 12:20:07.943root 11241100x8000000000000000651806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbda032a06cae7f42021-12-21 12:20:07.943root 11241100x8000000000000000651807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ef1b972b96860d2021-12-21 12:20:07.943root 11241100x8000000000000000651808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173f3e3b9290759b2021-12-21 12:20:07.944root 11241100x8000000000000000651809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6153f6b5f5cb5d432021-12-21 12:20:07.944root 11241100x8000000000000000651810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976fa76b01c776232021-12-21 12:20:07.944root 11241100x8000000000000000651811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5751c68720fb0f2021-12-21 12:20:07.944root 11241100x8000000000000000651812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf97443015b855bd2021-12-21 12:20:07.944root 11241100x8000000000000000651813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcbbb58a17dc6b02021-12-21 12:20:07.944root 11241100x8000000000000000651814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d1b206062614882021-12-21 12:20:07.944root 11241100x8000000000000000651815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4a1eb041390bd92021-12-21 12:20:08.443root 11241100x8000000000000000651816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8da500ce182e372021-12-21 12:20:08.443root 11241100x8000000000000000651817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20019cb48cda15ed2021-12-21 12:20:08.443root 11241100x8000000000000000651818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a3d3ee3492ced52021-12-21 12:20:08.443root 11241100x8000000000000000651819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0dca8d41b211a02021-12-21 12:20:08.444root 11241100x8000000000000000651820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0e614b4a3453252021-12-21 12:20:08.444root 11241100x8000000000000000651821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a42c5018124ca652021-12-21 12:20:08.444root 11241100x8000000000000000651822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9071e299c91b5a422021-12-21 12:20:08.444root 11241100x8000000000000000651823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c897008bf81906f12021-12-21 12:20:08.444root 11241100x8000000000000000651824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5cd619796660fe2021-12-21 12:20:08.444root 11241100x8000000000000000651825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2523513ff8c8cc4e2021-12-21 12:20:08.444root 11241100x8000000000000000651826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37561abf0e7c27ca2021-12-21 12:20:08.444root 11241100x8000000000000000651827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cb9354c6e018c02021-12-21 12:20:08.444root 154100x8000000000000000651828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.621{ec2b6afe-c678-61c1-68c4-67d163550000}10075/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000651829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.631{ec2b6afe-c678-61c1-68c4-67d163550000}10075/bin/psroot 11241100x8000000000000000651830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8886c3998f451c2021-12-21 12:20:08.943root 11241100x8000000000000000651831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299e42519cd4b8932021-12-21 12:20:08.943root 11241100x8000000000000000651832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa71e605b5c055462021-12-21 12:20:08.943root 11241100x8000000000000000651833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1eed33aea422282021-12-21 12:20:08.944root 11241100x8000000000000000651834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b480de58c1b3272021-12-21 12:20:08.944root 11241100x8000000000000000651835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d63502b5fb12c0d2021-12-21 12:20:08.944root 11241100x8000000000000000651836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe110f3ffc76bf32021-12-21 12:20:08.944root 11241100x8000000000000000651837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae5ac1ce95d4f392021-12-21 12:20:08.944root 11241100x8000000000000000651838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c85ccd40fe76742021-12-21 12:20:08.945root 11241100x8000000000000000651839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83111a8e287752eb2021-12-21 12:20:08.945root 11241100x8000000000000000651840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2747d7e7e062c12021-12-21 12:20:08.945root 11241100x8000000000000000651841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71fa33b79449e3e2021-12-21 12:20:08.945root 11241100x8000000000000000651842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97a6a548851ec752021-12-21 12:20:08.945root 11241100x8000000000000000651843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229204b44aa4fa8f2021-12-21 12:20:08.945root 11241100x8000000000000000651844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea430b659a152862021-12-21 12:20:08.945root 23542300x8000000000000000651845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.145{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x8000000000000000651846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.218{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49838-false10.0.1.12-8000- 11241100x8000000000000000651847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d22cfbf199a7132021-12-21 12:20:09.219root 11241100x8000000000000000651848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41745146bb708362021-12-21 12:20:09.219root 11241100x8000000000000000651849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca5e1aa16e0ce282021-12-21 12:20:09.219root 11241100x8000000000000000651850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c0e8bb805c82f02021-12-21 12:20:09.219root 11241100x8000000000000000651851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6b092bbd1978b72021-12-21 12:20:09.220root 11241100x8000000000000000651852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62f3a4a1792ec0c2021-12-21 12:20:09.220root 11241100x8000000000000000651853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177dcdb1de642c582021-12-21 12:20:09.220root 11241100x8000000000000000651854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a04d334079f8ae2021-12-21 12:20:09.220root 11241100x8000000000000000651855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5780c03d519ab052021-12-21 12:20:09.220root 11241100x8000000000000000651856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5453711137e21c82021-12-21 12:20:09.220root 11241100x8000000000000000651857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c594333cf4f5ef82021-12-21 12:20:09.220root 11241100x8000000000000000651858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa170185bfe649072021-12-21 12:20:09.220root 11241100x8000000000000000651859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49604495636a9a312021-12-21 12:20:09.221root 11241100x8000000000000000651860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b433b6eaa09ba32021-12-21 12:20:09.221root 11241100x8000000000000000651861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745cc358f22c68962021-12-21 12:20:09.221root 11241100x8000000000000000651862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdf0af2e6f0ae672021-12-21 12:20:09.221root 11241100x8000000000000000651863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f00fb063f59a3c12021-12-21 12:20:09.221root 11241100x8000000000000000651864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d9f1c711c4548a2021-12-21 12:20:09.693root 11241100x8000000000000000651865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1a5635d8d8d7a22021-12-21 12:20:09.693root 11241100x8000000000000000651866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a318628585c7e3e2021-12-21 12:20:09.693root 11241100x8000000000000000651867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535432cfca602dce2021-12-21 12:20:09.693root 11241100x8000000000000000651868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4af685c69a500952021-12-21 12:20:09.693root 11241100x8000000000000000651869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec4382fd748c4772021-12-21 12:20:09.694root 11241100x8000000000000000651870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69accfa7972f221e2021-12-21 12:20:09.694root 11241100x8000000000000000651871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414b5aac17948bac2021-12-21 12:20:09.694root 11241100x8000000000000000651872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb765577eac465e82021-12-21 12:20:09.694root 11241100x8000000000000000651873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a578db8f87765b372021-12-21 12:20:09.694root 11241100x8000000000000000651874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6af51c6b0cbbc592021-12-21 12:20:09.694root 11241100x8000000000000000651875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70adacfa686ab6242021-12-21 12:20:09.694root 11241100x8000000000000000651876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc930810b2145d32021-12-21 12:20:09.694root 11241100x8000000000000000651877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199e94a4285a66ae2021-12-21 12:20:09.694root 11241100x8000000000000000651878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85c286bdc43b03f2021-12-21 12:20:09.694root 11241100x8000000000000000651879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cd5020376545602021-12-21 12:20:09.695root 11241100x8000000000000000651880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946338ba46b07fdc2021-12-21 12:20:09.695root 11241100x8000000000000000651881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c992951051f23aca2021-12-21 12:20:10.193root 11241100x8000000000000000651882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec275eb506032a872021-12-21 12:20:10.193root 11241100x8000000000000000651883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9625f60c5de2ec7f2021-12-21 12:20:10.193root 11241100x8000000000000000651884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902b7dc8876c933a2021-12-21 12:20:10.193root 11241100x8000000000000000651885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bd3bdac18da0e72021-12-21 12:20:10.193root 11241100x8000000000000000651886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee2cba2d2f5b7282021-12-21 12:20:10.193root 11241100x8000000000000000651887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f077c678ccde3b2021-12-21 12:20:10.194root 11241100x8000000000000000651888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae4ec1f331dafe12021-12-21 12:20:10.194root 11241100x8000000000000000651889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb451bc891ae43a2021-12-21 12:20:10.194root 11241100x8000000000000000651890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35774a9015342c992021-12-21 12:20:10.194root 11241100x8000000000000000651891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c24720407f4e7732021-12-21 12:20:10.194root 11241100x8000000000000000651892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31a268dc8d2feea2021-12-21 12:20:10.194root 11241100x8000000000000000651893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9ae78a9f831f382021-12-21 12:20:10.194root 11241100x8000000000000000651894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec233bb7aea0b66b2021-12-21 12:20:10.194root 11241100x8000000000000000651895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67686d4ad8efa0952021-12-21 12:20:10.194root 11241100x8000000000000000651896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf5d428459c5de12021-12-21 12:20:10.194root 11241100x8000000000000000651897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eda86752bff13b82021-12-21 12:20:10.194root 11241100x8000000000000000651898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d7fc7906a865902021-12-21 12:20:10.693root 11241100x8000000000000000651899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcec6d928c87ead2021-12-21 12:20:10.693root 11241100x8000000000000000651900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a78dab23c1208a62021-12-21 12:20:10.693root 11241100x8000000000000000651901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d736542b9ab2ca2021-12-21 12:20:10.693root 11241100x8000000000000000651902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8758a53262781cee2021-12-21 12:20:10.693root 11241100x8000000000000000651903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ee694447f81b5b2021-12-21 12:20:10.694root 11241100x8000000000000000651904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6850caa7b7881272021-12-21 12:20:10.694root 11241100x8000000000000000651905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e1894431e629aa2021-12-21 12:20:10.694root 11241100x8000000000000000651906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f18abc19bc7bfce2021-12-21 12:20:10.694root 11241100x8000000000000000651907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0720cdf7dc3899b22021-12-21 12:20:10.694root 11241100x8000000000000000651908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff45cad2c688a0ff2021-12-21 12:20:10.694root 11241100x8000000000000000651909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc061ed5a39c33e2021-12-21 12:20:10.694root 11241100x8000000000000000651910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2932d42d15ea264d2021-12-21 12:20:10.694root 11241100x8000000000000000651911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6aa20e9f8dd53ed2021-12-21 12:20:10.694root 11241100x8000000000000000651912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e0329f7e4eb3882021-12-21 12:20:10.694root 11241100x8000000000000000651913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009e854e260c91432021-12-21 12:20:10.694root 11241100x8000000000000000651914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89027c8086319ea52021-12-21 12:20:10.694root 11241100x8000000000000000651915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d5d4e97835859f2021-12-21 12:20:11.193root 11241100x8000000000000000651916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e63747f74773302021-12-21 12:20:11.193root 11241100x8000000000000000651917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0682d74746ec46702021-12-21 12:20:11.193root 11241100x8000000000000000651918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b870fd74cf2ef29b2021-12-21 12:20:11.193root 11241100x8000000000000000651919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8467147112efa12021-12-21 12:20:11.194root 11241100x8000000000000000651920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4961a003c68f99c12021-12-21 12:20:11.194root 11241100x8000000000000000651921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262985a82e0d92702021-12-21 12:20:11.194root 11241100x8000000000000000651922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc128841b478313b2021-12-21 12:20:11.194root 11241100x8000000000000000651923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e5bd362821808b2021-12-21 12:20:11.194root 11241100x8000000000000000651924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae05e58cfce5b2162021-12-21 12:20:11.194root 11241100x8000000000000000651925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096293508a60144e2021-12-21 12:20:11.194root 11241100x8000000000000000651926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189fdc2a50fb1ff02021-12-21 12:20:11.194root 11241100x8000000000000000651927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26264ed3c20f3e42021-12-21 12:20:11.194root 11241100x8000000000000000651928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739d2fddc79584252021-12-21 12:20:11.194root 11241100x8000000000000000651929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623553ad4314efa32021-12-21 12:20:11.194root 11241100x8000000000000000651930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b17d93713a1a51b2021-12-21 12:20:11.194root 11241100x8000000000000000651931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1177fa0f34a9bf842021-12-21 12:20:11.194root 11241100x8000000000000000651932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e421e1a6a007eb62021-12-21 12:20:11.693root 11241100x8000000000000000651933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463d988db424184c2021-12-21 12:20:11.693root 11241100x8000000000000000651934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe0c79d362c99972021-12-21 12:20:11.693root 11241100x8000000000000000651935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dc11db7d863a9b2021-12-21 12:20:11.693root 11241100x8000000000000000651936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb27786a984dac72021-12-21 12:20:11.693root 11241100x8000000000000000651937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de0933d063de9982021-12-21 12:20:11.694root 11241100x8000000000000000651938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd97325dca1d60782021-12-21 12:20:11.694root 11241100x8000000000000000651939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240f27f9e2e647912021-12-21 12:20:11.694root 11241100x8000000000000000651940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a208413ec96d162021-12-21 12:20:11.694root 11241100x8000000000000000651941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb418afa2e008c72021-12-21 12:20:11.694root 11241100x8000000000000000651942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737a89e557ed042e2021-12-21 12:20:11.694root 11241100x8000000000000000651943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ac288b694d9fdc2021-12-21 12:20:11.694root 11241100x8000000000000000651944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac04989019f80912021-12-21 12:20:11.694root 11241100x8000000000000000651945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9189af9779ca34b02021-12-21 12:20:11.694root 11241100x8000000000000000651946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf91ff3a8c22d7652021-12-21 12:20:11.694root 11241100x8000000000000000651947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dde7263f273a2a12021-12-21 12:20:11.694root 11241100x8000000000000000651948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb403a46556eae32021-12-21 12:20:11.694root 11241100x8000000000000000651949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ffa2f15f29b32e2021-12-21 12:20:12.193root 11241100x8000000000000000651950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d119950e23501fc72021-12-21 12:20:12.193root 11241100x8000000000000000651951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2001496906ff55b12021-12-21 12:20:12.193root 11241100x8000000000000000651952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcb590c562366402021-12-21 12:20:12.193root 11241100x8000000000000000651953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ed3a7e6a7a85012021-12-21 12:20:12.193root 11241100x8000000000000000651954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47669ab062a981252021-12-21 12:20:12.193root 11241100x8000000000000000651955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdbde933c8faf9f2021-12-21 12:20:12.193root 11241100x8000000000000000651956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb66a8aa2b8f12772021-12-21 12:20:12.194root 11241100x8000000000000000651957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bd6c89574a009a2021-12-21 12:20:12.194root 11241100x8000000000000000651958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53125e807232318d2021-12-21 12:20:12.194root 11241100x8000000000000000651959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1bbb13877f38e52021-12-21 12:20:12.194root 11241100x8000000000000000651960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be3d7e9544423162021-12-21 12:20:12.194root 11241100x8000000000000000651961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de3c8de23e28c882021-12-21 12:20:12.194root 11241100x8000000000000000651962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2ea4635c3c4db62021-12-21 12:20:12.194root 11241100x8000000000000000651963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd42e42e2a9251ab2021-12-21 12:20:12.194root 11241100x8000000000000000651964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacd37b6a172dc592021-12-21 12:20:12.194root 11241100x8000000000000000651965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d843575297e184b2021-12-21 12:20:12.195root 11241100x8000000000000000651966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8235f57e963a211b2021-12-21 12:20:12.693root 11241100x8000000000000000651967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263c7c0ef5b06e262021-12-21 12:20:12.693root 11241100x8000000000000000651968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f022909411b03fe82021-12-21 12:20:12.694root 11241100x8000000000000000651969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f9685b08ea30d92021-12-21 12:20:12.694root 11241100x8000000000000000651970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630cfa5774f5d3982021-12-21 12:20:12.694root 11241100x8000000000000000651971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95700245375a86442021-12-21 12:20:12.694root 11241100x8000000000000000651972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0631b647791786572021-12-21 12:20:12.694root 11241100x8000000000000000651973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1daeaa09c1e0602021-12-21 12:20:12.695root 11241100x8000000000000000651974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b34f53c7a8da112021-12-21 12:20:12.695root 11241100x8000000000000000651975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043e15859f321a392021-12-21 12:20:12.695root 11241100x8000000000000000651976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b2c0c2eb027d8c2021-12-21 12:20:12.695root 11241100x8000000000000000651977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97cacfb9e68d2212021-12-21 12:20:12.695root 11241100x8000000000000000651978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b363f8e52d2f780e2021-12-21 12:20:12.695root 11241100x8000000000000000651979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c604b42bf18ae1192021-12-21 12:20:12.695root 11241100x8000000000000000651980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abfbc757451f34e2021-12-21 12:20:12.695root 11241100x8000000000000000651981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3deceb2030a3322021-12-21 12:20:12.696root 11241100x8000000000000000651982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7eb0996a7736512021-12-21 12:20:12.696root 11241100x8000000000000000651983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c019b87803dee4ba2021-12-21 12:20:13.193root 11241100x8000000000000000651984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80b5b0ceba1ae182021-12-21 12:20:13.193root 11241100x8000000000000000651985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b811a0e48dec28b82021-12-21 12:20:13.193root 11241100x8000000000000000651986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec0fc87a1c90e3e2021-12-21 12:20:13.193root 11241100x8000000000000000651987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcd1880d61f25bb2021-12-21 12:20:13.194root 11241100x8000000000000000651988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff9e23a1aa1e0732021-12-21 12:20:13.194root 11241100x8000000000000000651989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a79f02cec3c1ee2021-12-21 12:20:13.194root 11241100x8000000000000000651990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c132f6dd2754ffe82021-12-21 12:20:13.194root 11241100x8000000000000000651991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1bb67c81ac1daf2021-12-21 12:20:13.194root 11241100x8000000000000000651992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ee377f5c4cc9092021-12-21 12:20:13.194root 11241100x8000000000000000651993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c9203a3259597b2021-12-21 12:20:13.194root 11241100x8000000000000000651994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d67f8fc759066772021-12-21 12:20:13.194root 11241100x8000000000000000651995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1e0ee0a1c2d0ec2021-12-21 12:20:13.194root 11241100x8000000000000000651996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b885a9d6ac8107362021-12-21 12:20:13.194root 11241100x8000000000000000651997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65224ea3a8b118ac2021-12-21 12:20:13.194root 11241100x8000000000000000651998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0374384ce55cbd022021-12-21 12:20:13.195root 11241100x8000000000000000651999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bb89a5a43532832021-12-21 12:20:13.195root 11241100x8000000000000000652000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea1def8d5723d162021-12-21 12:20:13.693root 11241100x8000000000000000652001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862fada08a4a33a32021-12-21 12:20:13.693root 11241100x8000000000000000652002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e406cb2f46b787df2021-12-21 12:20:13.693root 11241100x8000000000000000652003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84eaa5cd1e9a19ef2021-12-21 12:20:13.693root 11241100x8000000000000000652004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b16566ac9933132021-12-21 12:20:13.694root 11241100x8000000000000000652005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5be2ca2f21c54832021-12-21 12:20:13.694root 11241100x8000000000000000652006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09ac570030302b82021-12-21 12:20:13.694root 11241100x8000000000000000652007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f71ccb1ad2ac1762021-12-21 12:20:13.694root 11241100x8000000000000000652008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612f3fa56005cab72021-12-21 12:20:13.694root 11241100x8000000000000000652009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4c4a4cae93bc992021-12-21 12:20:13.694root 11241100x8000000000000000652010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e758c98a076dfd0d2021-12-21 12:20:13.694root 11241100x8000000000000000652011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a6caf4efd56ff02021-12-21 12:20:13.694root 11241100x8000000000000000652012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc84434314f239302021-12-21 12:20:13.694root 11241100x8000000000000000652013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19040dad9091ac942021-12-21 12:20:13.695root 11241100x8000000000000000652014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676ba0aab69e98512021-12-21 12:20:13.695root 11241100x8000000000000000652015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fa3a91026845a32021-12-21 12:20:13.695root 11241100x8000000000000000652016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8105a778c30b26dc2021-12-21 12:20:13.695root 11241100x8000000000000000652017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87c8f395e72744f2021-12-21 12:20:14.193root 11241100x8000000000000000652018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d154888001b78172021-12-21 12:20:14.193root 11241100x8000000000000000652019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c94116c224591a52021-12-21 12:20:14.193root 11241100x8000000000000000652020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1affce7af5e30192021-12-21 12:20:14.193root 11241100x8000000000000000652021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5419b5d6edb7132021-12-21 12:20:14.194root 11241100x8000000000000000652022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c932969a2657202021-12-21 12:20:14.194root 11241100x8000000000000000652023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e882b753f57c772021-12-21 12:20:14.194root 11241100x8000000000000000652024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0a00fa21a87a3c2021-12-21 12:20:14.194root 11241100x8000000000000000652025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3b9dfc9dd074c82021-12-21 12:20:14.194root 11241100x8000000000000000652026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc59b09de99684c2021-12-21 12:20:14.194root 11241100x8000000000000000652027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97ce6b49593a92f2021-12-21 12:20:14.194root 11241100x8000000000000000652028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6db28da40fabd392021-12-21 12:20:14.194root 11241100x8000000000000000652029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c96e4a5ac131352021-12-21 12:20:14.194root 11241100x8000000000000000652030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57953f0c999ca73b2021-12-21 12:20:14.195root 11241100x8000000000000000652031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f62a0998980e2f2021-12-21 12:20:14.195root 11241100x8000000000000000652032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3a5b5669b4b58f2021-12-21 12:20:14.195root 11241100x8000000000000000652033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8057b4b4564b6f992021-12-21 12:20:14.195root 11241100x8000000000000000652034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24a4a606239b4522021-12-21 12:20:14.693root 11241100x8000000000000000652035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dc9a5fcccad2a22021-12-21 12:20:14.693root 11241100x8000000000000000652036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa8bab0efddb8ea2021-12-21 12:20:14.693root 11241100x8000000000000000652037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d39c69234e4ac652021-12-21 12:20:14.693root 11241100x8000000000000000652038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46604803813056442021-12-21 12:20:14.693root 11241100x8000000000000000652039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438d7cd571e8b1f52021-12-21 12:20:14.694root 11241100x8000000000000000652040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c324fe39cb2cd9a2021-12-21 12:20:14.694root 11241100x8000000000000000652041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528e75eda69e0ea72021-12-21 12:20:14.694root 11241100x8000000000000000652042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abec2d9f8ca673a02021-12-21 12:20:14.694root 11241100x8000000000000000652043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8642583dbdb95182021-12-21 12:20:14.694root 11241100x8000000000000000652044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2e4ebf51e1f4d32021-12-21 12:20:14.694root 11241100x8000000000000000652045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1450e2b3c13ee02c2021-12-21 12:20:14.694root 11241100x8000000000000000652046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28406f8ba50902ce2021-12-21 12:20:14.694root 11241100x8000000000000000652047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf8d643c860ee6c2021-12-21 12:20:14.694root 11241100x8000000000000000652048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48665fb4ec25beb62021-12-21 12:20:14.694root 11241100x8000000000000000652049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d5b6cf74d543c42021-12-21 12:20:14.695root 11241100x8000000000000000652050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fea8dc0c5c0eca2021-12-21 12:20:14.695root 354300x8000000000000000652051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.079{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49840-false10.0.1.12-8000- 11241100x8000000000000000652052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b3efccb2594e0c2021-12-21 12:20:15.080root 11241100x8000000000000000652053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f106ef54314d3a92021-12-21 12:20:15.080root 11241100x8000000000000000652054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4befde7c2cb5045f2021-12-21 12:20:15.080root 11241100x8000000000000000652055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8c4c3c094b61802021-12-21 12:20:15.080root 11241100x8000000000000000652056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba18ee0f38572df52021-12-21 12:20:15.080root 11241100x8000000000000000652057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30426530dd4599102021-12-21 12:20:15.080root 11241100x8000000000000000652058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ebc558f62f8afc2021-12-21 12:20:15.080root 11241100x8000000000000000652059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb051a826797bcd2021-12-21 12:20:15.080root 11241100x8000000000000000652060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251176eb50c75ed02021-12-21 12:20:15.080root 11241100x8000000000000000652061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a69a6248a16fd242021-12-21 12:20:15.080root 11241100x8000000000000000652062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce291392ef54b9bd2021-12-21 12:20:15.080root 11241100x8000000000000000652063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b97a6290d466d12021-12-21 12:20:15.080root 11241100x8000000000000000652064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87aa4b26e9368b12021-12-21 12:20:15.080root 11241100x8000000000000000652065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994325f08d03dace2021-12-21 12:20:15.080root 11241100x8000000000000000652066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3380d601706ddf42021-12-21 12:20:15.081root 11241100x8000000000000000652067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716fbfc29867e6f32021-12-21 12:20:15.081root 11241100x8000000000000000652068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654d3468acf435552021-12-21 12:20:15.081root 11241100x8000000000000000652069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2e1835389d6aa82021-12-21 12:20:15.081root 11241100x8000000000000000652070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7f6ddbac41f34a2021-12-21 12:20:15.081root 11241100x8000000000000000652071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f169fac3ed3750582021-12-21 12:20:15.081root 11241100x8000000000000000652072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05addc1c1cf4b1912021-12-21 12:20:15.081root 11241100x8000000000000000652073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8599391d0c8d91f82021-12-21 12:20:15.081root 11241100x8000000000000000652074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e27d0a2231162fe2021-12-21 12:20:15.081root 11241100x8000000000000000652075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e5d746827accc42021-12-21 12:20:15.081root 11241100x8000000000000000652076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e433ac77f9da4d932021-12-21 12:20:15.081root 11241100x8000000000000000652077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a2b3e765bdd28f2021-12-21 12:20:15.081root 11241100x8000000000000000652078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8313e88f40603f632021-12-21 12:20:15.082root 11241100x8000000000000000652079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3289cfabc06849c12021-12-21 12:20:15.082root 11241100x8000000000000000652080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ebf4af658dda802021-12-21 12:20:15.082root 11241100x8000000000000000652081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fede3e2d2a1daee82021-12-21 12:20:15.082root 11241100x8000000000000000652082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9af2846eb13f182021-12-21 12:20:15.082root 11241100x8000000000000000652083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2dbee2e08f10392021-12-21 12:20:15.082root 11241100x8000000000000000652084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0424390d55e62f722021-12-21 12:20:15.082root 11241100x8000000000000000652085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8514847a21cc6b012021-12-21 12:20:15.083root 11241100x8000000000000000652086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44aa32a52202e3622021-12-21 12:20:15.083root 11241100x8000000000000000652087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5993ef8a12e455462021-12-21 12:20:15.083root 11241100x8000000000000000652088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c214e5dcb0f89a22021-12-21 12:20:15.083root 11241100x8000000000000000652089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81323fda0bf90952021-12-21 12:20:15.083root 11241100x8000000000000000652090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a678e9a1faff44b2021-12-21 12:20:15.083root 11241100x8000000000000000652091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb26a8a21b793ab2021-12-21 12:20:15.083root 11241100x8000000000000000652092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c21eff16aa9f862021-12-21 12:20:15.443root 11241100x8000000000000000652093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1a738c37dbeeef2021-12-21 12:20:15.443root 11241100x8000000000000000652094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dda6e0b47898e02021-12-21 12:20:15.443root 11241100x8000000000000000652095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4413df068799742021-12-21 12:20:15.443root 11241100x8000000000000000652096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c164e9bcd2f8a42021-12-21 12:20:15.444root 11241100x8000000000000000652097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fff190b0f88b9a2021-12-21 12:20:15.444root 11241100x8000000000000000652098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83acee768a238f52021-12-21 12:20:15.444root 11241100x8000000000000000652099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94388736341c81b2021-12-21 12:20:15.444root 11241100x8000000000000000652100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd54ed563ce5559a2021-12-21 12:20:15.444root 11241100x8000000000000000652101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f685ecabd3e1c8732021-12-21 12:20:15.444root 11241100x8000000000000000652102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb3fe61647ec6af2021-12-21 12:20:15.444root 11241100x8000000000000000652103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e04e9fc78c28402021-12-21 12:20:15.444root 11241100x8000000000000000652104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88cd2a1420ab1122021-12-21 12:20:15.444root 11241100x8000000000000000652105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3118bbf6135f435f2021-12-21 12:20:15.444root 11241100x8000000000000000652106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca8612d0ffeb9582021-12-21 12:20:15.444root 11241100x8000000000000000652107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818bd1920c7fceb82021-12-21 12:20:15.444root 11241100x8000000000000000652108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139abe05c588484d2021-12-21 12:20:15.444root 11241100x8000000000000000652109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b44da2270a4b0d2021-12-21 12:20:15.444root 11241100x8000000000000000652110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99aab1f3ad0892c52021-12-21 12:20:15.943root 11241100x8000000000000000652111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564ee2cc75cd4e032021-12-21 12:20:15.943root 11241100x8000000000000000652112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794f258d4060b1ef2021-12-21 12:20:15.944root 11241100x8000000000000000652113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58bda28b41a4d812021-12-21 12:20:15.944root 11241100x8000000000000000652114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7fd6d39f23ff592021-12-21 12:20:15.944root 11241100x8000000000000000652115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0502f7283964481e2021-12-21 12:20:15.944root 11241100x8000000000000000652116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8ca24391c425052021-12-21 12:20:15.944root 11241100x8000000000000000652117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d3605ae1b29c222021-12-21 12:20:15.944root 11241100x8000000000000000652118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbf6c276958223a2021-12-21 12:20:15.945root 11241100x8000000000000000652119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dad86d0cdfa7a52021-12-21 12:20:15.945root 11241100x8000000000000000652120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea48f43ed1850a02021-12-21 12:20:15.945root 11241100x8000000000000000652121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2535170ae09e31092021-12-21 12:20:15.946root 11241100x8000000000000000652122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556335d629a771be2021-12-21 12:20:15.946root 11241100x8000000000000000652123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a58c546c13f5e9e2021-12-21 12:20:15.946root 11241100x8000000000000000652124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22522ab452e510522021-12-21 12:20:15.946root 11241100x8000000000000000652125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0faf77c2d704a12021-12-21 12:20:15.947root 11241100x8000000000000000652126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab56615ce8e2f6b92021-12-21 12:20:15.947root 11241100x8000000000000000652127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0181f39a2dd61ab42021-12-21 12:20:15.947root 11241100x8000000000000000652128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618a401b8fd44a892021-12-21 12:20:16.443root 11241100x8000000000000000652129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba6fc0e8953914f2021-12-21 12:20:16.444root 11241100x8000000000000000652130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d95cf99e72312cf2021-12-21 12:20:16.444root 11241100x8000000000000000652131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4d0e10208e9c942021-12-21 12:20:16.444root 11241100x8000000000000000652132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaf814c0ffe42f32021-12-21 12:20:16.445root 11241100x8000000000000000652133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e086fb0de5eaee12021-12-21 12:20:16.445root 11241100x8000000000000000652134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5836c91727a258852021-12-21 12:20:16.445root 11241100x8000000000000000652135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12554b99a4ed7d92021-12-21 12:20:16.445root 11241100x8000000000000000652136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b325e8051b634a0d2021-12-21 12:20:16.446root 11241100x8000000000000000652137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118ec8c241682d102021-12-21 12:20:16.446root 11241100x8000000000000000652138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2048dc9c9095b8e02021-12-21 12:20:16.446root 11241100x8000000000000000652139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb351828163a0b42021-12-21 12:20:16.446root 11241100x8000000000000000652140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe6bef2b7f9aec32021-12-21 12:20:16.446root 11241100x8000000000000000652141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460b396e8c37c2ee2021-12-21 12:20:16.446root 11241100x8000000000000000652142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5a56b395b6946f2021-12-21 12:20:16.447root 11241100x8000000000000000652143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bfef373e7c45d82021-12-21 12:20:16.447root 11241100x8000000000000000652144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28a1dbc928f2bf32021-12-21 12:20:16.447root 11241100x8000000000000000652145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf72742bfcd266a2021-12-21 12:20:16.447root 11241100x8000000000000000652146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628cae27a6ca04b32021-12-21 12:20:16.943root 11241100x8000000000000000652147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cb24acdf1dc8ec2021-12-21 12:20:16.943root 11241100x8000000000000000652148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902a5b5564d48db22021-12-21 12:20:16.943root 11241100x8000000000000000652149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1de1fe2cce35e02021-12-21 12:20:16.943root 11241100x8000000000000000652150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52e533025376a442021-12-21 12:20:16.944root 11241100x8000000000000000652151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f07940239cde1f2021-12-21 12:20:16.944root 11241100x8000000000000000652152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c820985c923e08a52021-12-21 12:20:16.944root 11241100x8000000000000000652153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72b6331ecd175282021-12-21 12:20:16.944root 11241100x8000000000000000652154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a1ca9dce7192d22021-12-21 12:20:16.944root 11241100x8000000000000000652155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a5ab46d107b4022021-12-21 12:20:16.944root 11241100x8000000000000000652156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958890ad6e5fdfad2021-12-21 12:20:16.944root 11241100x8000000000000000652157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d64dff1ab1e27192021-12-21 12:20:16.945root 11241100x8000000000000000652158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81c0a448dd0d2892021-12-21 12:20:16.945root 11241100x8000000000000000652159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472d3888836b175a2021-12-21 12:20:16.945root 11241100x8000000000000000652160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c05ec1f4913a05d2021-12-21 12:20:16.945root 11241100x8000000000000000652161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e022c83fd891f7b2021-12-21 12:20:16.946root 11241100x8000000000000000652162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8e45360bd45fe82021-12-21 12:20:16.946root 11241100x8000000000000000652163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaffd3b0f4ab26e2021-12-21 12:20:16.946root 11241100x8000000000000000652164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfc903a0d2d5ec62021-12-21 12:20:17.443root 11241100x8000000000000000652165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37c09009ffd96bb2021-12-21 12:20:17.443root 11241100x8000000000000000652166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1584d16c0a3c8e2021-12-21 12:20:17.444root 11241100x8000000000000000652167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82f67dcdcd0befb2021-12-21 12:20:17.444root 11241100x8000000000000000652168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa44e061d139f69f2021-12-21 12:20:17.444root 11241100x8000000000000000652169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c72554cd44ce9c2021-12-21 12:20:17.444root 11241100x8000000000000000652170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d012e3f88101cbf82021-12-21 12:20:17.445root 11241100x8000000000000000652171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb31d922e21d5652021-12-21 12:20:17.445root 11241100x8000000000000000652172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f9cd73d3601b412021-12-21 12:20:17.445root 11241100x8000000000000000652173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631e14a2206715a42021-12-21 12:20:17.445root 11241100x8000000000000000652174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85901872e1a90a892021-12-21 12:20:17.445root 11241100x8000000000000000652175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43baa50f7640afb82021-12-21 12:20:17.445root 11241100x8000000000000000652176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bbf794cefbaa022021-12-21 12:20:17.445root 11241100x8000000000000000652177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb77074c2077cab42021-12-21 12:20:17.445root 11241100x8000000000000000652178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebbcac7d28a853b2021-12-21 12:20:17.445root 11241100x8000000000000000652179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f73b7399cd473b52021-12-21 12:20:17.445root 11241100x8000000000000000652180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535654edf28433c82021-12-21 12:20:17.446root 11241100x8000000000000000652181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f2614fb907d02c2021-12-21 12:20:17.446root 11241100x8000000000000000652182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329f2fd95e880e232021-12-21 12:20:17.943root 11241100x8000000000000000652183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd426ffd111a4522021-12-21 12:20:17.943root 11241100x8000000000000000652184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c200c7954c0fccaf2021-12-21 12:20:17.944root 11241100x8000000000000000652185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4507a8c293bb98ea2021-12-21 12:20:17.944root 11241100x8000000000000000652186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e8314f5f7fafbf2021-12-21 12:20:17.944root 11241100x8000000000000000652187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7133a263deba7c2021-12-21 12:20:17.944root 11241100x8000000000000000652188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c78ca8689cdd1d52021-12-21 12:20:17.944root 11241100x8000000000000000652189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d518a761e2f29522021-12-21 12:20:17.944root 11241100x8000000000000000652190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37be0a12abf0ef62021-12-21 12:20:17.945root 11241100x8000000000000000652191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc057be95755bf62021-12-21 12:20:17.945root 11241100x8000000000000000652192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419daa69baf96a182021-12-21 12:20:17.945root 11241100x8000000000000000652193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a303b16eeab41fbb2021-12-21 12:20:17.945root 11241100x8000000000000000652194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5549ac7bd534b4cc2021-12-21 12:20:17.945root 11241100x8000000000000000652195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598f082ec3eae1802021-12-21 12:20:17.945root 11241100x8000000000000000652196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ad89e7a099c9142021-12-21 12:20:17.945root 11241100x8000000000000000652197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d15b34ade3a3702021-12-21 12:20:17.945root 11241100x8000000000000000652198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a43328f2f15cf622021-12-21 12:20:17.946root 11241100x8000000000000000652199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bfc3bcb547dbcc2021-12-21 12:20:17.946root 11241100x8000000000000000652200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aef037c1b21addc2021-12-21 12:20:18.443root 11241100x8000000000000000652201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eadfab9547316c22021-12-21 12:20:18.443root 11241100x8000000000000000652202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1c6777f07bb5f82021-12-21 12:20:18.443root 11241100x8000000000000000652203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79e02768c12c8232021-12-21 12:20:18.443root 11241100x8000000000000000652204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ec4d9227fdf8c72021-12-21 12:20:18.443root 11241100x8000000000000000652205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4dcdb2482ae58e2021-12-21 12:20:18.444root 11241100x8000000000000000652206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd4cc657151f6cd2021-12-21 12:20:18.444root 11241100x8000000000000000652207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62f6e53cb6335862021-12-21 12:20:18.444root 11241100x8000000000000000652208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97b412412f045f22021-12-21 12:20:18.444root 11241100x8000000000000000652209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7193d9274946e6262021-12-21 12:20:18.444root 11241100x8000000000000000652210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de51af13648203ae2021-12-21 12:20:18.444root 11241100x8000000000000000652211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f37c3a5b3155ad42021-12-21 12:20:18.444root 11241100x8000000000000000652212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b229511b87f0c2a2021-12-21 12:20:18.444root 11241100x8000000000000000652213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6773ad59c52418452021-12-21 12:20:18.444root 11241100x8000000000000000652214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa1ac173d1b4ec62021-12-21 12:20:18.444root 11241100x8000000000000000652215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d0d1ca5c540def2021-12-21 12:20:18.444root 11241100x8000000000000000652216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a15dd95338e29942021-12-21 12:20:18.445root 11241100x8000000000000000652217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8188079a170cc42021-12-21 12:20:18.445root 11241100x8000000000000000652218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3021ad68f897d862021-12-21 12:20:18.943root 11241100x8000000000000000652219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506cd7b93fcfe6482021-12-21 12:20:18.943root 11241100x8000000000000000652220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6195ef362fcce7942021-12-21 12:20:18.944root 11241100x8000000000000000652221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e37383bd6682f82021-12-21 12:20:18.944root 11241100x8000000000000000652222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c04b9704d0f19a2021-12-21 12:20:18.944root 11241100x8000000000000000652223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cfa40203cf50f52021-12-21 12:20:18.944root 11241100x8000000000000000652224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8a3be6a6729ad12021-12-21 12:20:18.944root 11241100x8000000000000000652225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289ba44b86ac609f2021-12-21 12:20:18.944root 11241100x8000000000000000652226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc6547fd0ea7ec62021-12-21 12:20:18.944root 11241100x8000000000000000652227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3b0ec0bd659e872021-12-21 12:20:18.945root 11241100x8000000000000000652228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388c7c9c56819b2e2021-12-21 12:20:18.945root 11241100x8000000000000000652229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c15d20dc43a58df2021-12-21 12:20:18.945root 11241100x8000000000000000652230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e6556d6432d4632021-12-21 12:20:18.945root 11241100x8000000000000000652231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37f0ed00a5bece32021-12-21 12:20:18.945root 11241100x8000000000000000652232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c6b133bdb5674a2021-12-21 12:20:18.945root 11241100x8000000000000000652233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49421f5cf8f0789f2021-12-21 12:20:18.945root 11241100x8000000000000000652234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d16361e00a68ef92021-12-21 12:20:18.945root 11241100x8000000000000000652235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714d51ebc83d3da72021-12-21 12:20:18.945root 11241100x8000000000000000652236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1e148a29a8a9102021-12-21 12:20:19.443root 11241100x8000000000000000652237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cafafdea357ad382021-12-21 12:20:19.443root 11241100x8000000000000000652238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0c8eb09ddd7c822021-12-21 12:20:19.444root 11241100x8000000000000000652239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23bd0a1b0656af62021-12-21 12:20:19.444root 11241100x8000000000000000652240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d73ea026da652bf2021-12-21 12:20:19.444root 11241100x8000000000000000652241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bf3324409298a82021-12-21 12:20:19.444root 11241100x8000000000000000652242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e3d17ebe62b4ee2021-12-21 12:20:19.444root 11241100x8000000000000000652243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b74e8ba5e4763c42021-12-21 12:20:19.444root 11241100x8000000000000000652244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12dbecdc1b3c1262021-12-21 12:20:19.444root 11241100x8000000000000000652245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418ac0650200486f2021-12-21 12:20:19.445root 11241100x8000000000000000652246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7fa0d0f7c4967f2021-12-21 12:20:19.445root 11241100x8000000000000000652247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b77593d192c5c112021-12-21 12:20:19.445root 11241100x8000000000000000652248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3fb51db4096ea72021-12-21 12:20:19.445root 11241100x8000000000000000652249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2adca4dbb8533b2021-12-21 12:20:19.445root 11241100x8000000000000000652250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468e5e4d2ad11aa92021-12-21 12:20:19.445root 11241100x8000000000000000652251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741ae45097c38d672021-12-21 12:20:19.446root 11241100x8000000000000000652252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3858eeb7edb8ca62021-12-21 12:20:19.446root 11241100x8000000000000000652253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ea116ea4d2de2b2021-12-21 12:20:19.446root 11241100x8000000000000000652254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c29d1ce22eaa6d2021-12-21 12:20:19.943root 11241100x8000000000000000652255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b8dc2b64ceec382021-12-21 12:20:19.943root 11241100x8000000000000000652256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4742908f8b7c3cce2021-12-21 12:20:19.944root 11241100x8000000000000000652257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94c218c29656a272021-12-21 12:20:19.944root 11241100x8000000000000000652258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce405f03d3d921fc2021-12-21 12:20:19.944root 11241100x8000000000000000652259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b2433d05a845772021-12-21 12:20:19.944root 11241100x8000000000000000652260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1ae9a7d4ac396a2021-12-21 12:20:19.944root 11241100x8000000000000000652261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2077af1bfa01be02021-12-21 12:20:19.944root 11241100x8000000000000000652262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23b6103a6c14cd22021-12-21 12:20:19.944root 11241100x8000000000000000652263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c92ef59c864e1f12021-12-21 12:20:19.944root 11241100x8000000000000000652264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be69943e44aabf4d2021-12-21 12:20:19.944root 11241100x8000000000000000652265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ff2075965db0c82021-12-21 12:20:19.945root 11241100x8000000000000000652266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5881b7a0ed9b232021-12-21 12:20:19.945root 11241100x8000000000000000652267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af9f80f825dd07d2021-12-21 12:20:19.945root 11241100x8000000000000000652268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701ccb81e1779eb62021-12-21 12:20:19.945root 11241100x8000000000000000652269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a256f6f4fd04452021-12-21 12:20:19.945root 11241100x8000000000000000652270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46352bdf65913a2a2021-12-21 12:20:19.945root 11241100x8000000000000000652271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fbfeb42fd289002021-12-21 12:20:19.945root 354300x8000000000000000652272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.095{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49842-false10.0.1.12-8000- 11241100x8000000000000000652273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b8b049c6790cdd2021-12-21 12:20:20.443root 11241100x8000000000000000652274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60f6c224cdcacd52021-12-21 12:20:20.443root 11241100x8000000000000000652275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a06799ec701b9e2021-12-21 12:20:20.443root 11241100x8000000000000000652276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e0bd6ea402683a2021-12-21 12:20:20.443root 11241100x8000000000000000652277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d02b042322e3c062021-12-21 12:20:20.444root 11241100x8000000000000000652278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa9c6a0c517f2872021-12-21 12:20:20.444root 11241100x8000000000000000652279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafdf40be9bac56d2021-12-21 12:20:20.444root 11241100x8000000000000000652280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52525ef8b3f1ba5b2021-12-21 12:20:20.444root 11241100x8000000000000000652281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52e1a4d0a0d1c902021-12-21 12:20:20.444root 11241100x8000000000000000652282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ba1a23666149b72021-12-21 12:20:20.444root 11241100x8000000000000000652283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c62a1808eb25af2021-12-21 12:20:20.444root 11241100x8000000000000000652284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078693e83eec8a2c2021-12-21 12:20:20.444root 11241100x8000000000000000652285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de48714b8c352522021-12-21 12:20:20.444root 11241100x8000000000000000652286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad64591f40915362021-12-21 12:20:20.444root 11241100x8000000000000000652287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4312c41ec20355fd2021-12-21 12:20:20.444root 11241100x8000000000000000652288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5940fb7961bb98212021-12-21 12:20:20.445root 11241100x8000000000000000652289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4641b90774223f12021-12-21 12:20:20.445root 11241100x8000000000000000652290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4375fd2dc9d2b3202021-12-21 12:20:20.445root 11241100x8000000000000000652291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a547a06daa3fd4ab2021-12-21 12:20:20.445root 11241100x8000000000000000652292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecca4f4a48714f5c2021-12-21 12:20:20.943root 11241100x8000000000000000652293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbee51ea07646cb2021-12-21 12:20:20.943root 11241100x8000000000000000652294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01a24986ffd1c282021-12-21 12:20:20.944root 11241100x8000000000000000652295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bed7c158a647ffb2021-12-21 12:20:20.944root 11241100x8000000000000000652296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc55f6226ac638052021-12-21 12:20:20.944root 11241100x8000000000000000652297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee09102e589994f42021-12-21 12:20:20.944root 11241100x8000000000000000652298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e31ec897f757bd2021-12-21 12:20:20.944root 11241100x8000000000000000652299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603f0c5d1ad627972021-12-21 12:20:20.944root 11241100x8000000000000000652300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3227c93f4358b2002021-12-21 12:20:20.944root 11241100x8000000000000000652301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14520d4ad816e59d2021-12-21 12:20:20.944root 11241100x8000000000000000652302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9848045f37e1a9f12021-12-21 12:20:20.944root 11241100x8000000000000000652303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc32912bb401c752021-12-21 12:20:20.944root 11241100x8000000000000000652304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4228767cac9a90c2021-12-21 12:20:20.944root 11241100x8000000000000000652305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd456376c413d0b2021-12-21 12:20:20.944root 11241100x8000000000000000652306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8395effea7e4a3e02021-12-21 12:20:20.945root 11241100x8000000000000000652307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081341993dc6ad442021-12-21 12:20:20.945root 11241100x8000000000000000652308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3df3cac1bf4bf9e2021-12-21 12:20:20.945root 11241100x8000000000000000652309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc78a0bf36e4f012021-12-21 12:20:20.945root 11241100x8000000000000000652310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3775f0cdd355a1832021-12-21 12:20:20.945root 11241100x8000000000000000652311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5876572f750ffc2021-12-21 12:20:21.444root 11241100x8000000000000000652312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8452866e98ac622021-12-21 12:20:21.444root 11241100x8000000000000000652313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79e1b9f987f6b542021-12-21 12:20:21.444root 11241100x8000000000000000652314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d33e615d43209872021-12-21 12:20:21.444root 11241100x8000000000000000652315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7560907411f63f3c2021-12-21 12:20:21.445root 11241100x8000000000000000652316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b0df55eb6301882021-12-21 12:20:21.445root 11241100x8000000000000000652317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e560e4e8dd8481c62021-12-21 12:20:21.445root 11241100x8000000000000000652318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18dd47fb564c3e52021-12-21 12:20:21.445root 11241100x8000000000000000652319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ca5758a368821d2021-12-21 12:20:21.445root 11241100x8000000000000000652320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced4e363c2eb4ea82021-12-21 12:20:21.446root 11241100x8000000000000000652321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07b1c32683673272021-12-21 12:20:21.446root 11241100x8000000000000000652322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16bbbafe8fab2922021-12-21 12:20:21.446root 11241100x8000000000000000652323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a23d17d26a0f8f2021-12-21 12:20:21.446root 11241100x8000000000000000652324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c087f9774a3b72c2021-12-21 12:20:21.446root 11241100x8000000000000000652325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742a6e96ac27c8b92021-12-21 12:20:21.446root 11241100x8000000000000000652326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd4c3e0476889452021-12-21 12:20:21.446root 11241100x8000000000000000652327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3793c2fdf90ac92021-12-21 12:20:21.446root 11241100x8000000000000000652328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a964d18884bd832021-12-21 12:20:21.446root 11241100x8000000000000000652329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6881fb0812bcabcf2021-12-21 12:20:21.447root 11241100x8000000000000000652330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1f5b8c7dbc9a552021-12-21 12:20:21.943root 11241100x8000000000000000652331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732062f7e367fc322021-12-21 12:20:21.943root 11241100x8000000000000000652332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4534925c2d3d132021-12-21 12:20:21.944root 11241100x8000000000000000652333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84dbe903246bde42021-12-21 12:20:21.944root 11241100x8000000000000000652334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eb2775aa8855d72021-12-21 12:20:21.944root 11241100x8000000000000000652335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac371d3ab397cc32021-12-21 12:20:21.944root 11241100x8000000000000000652336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae19ea87879144a2021-12-21 12:20:21.944root 11241100x8000000000000000652337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fe0c981964efa52021-12-21 12:20:21.944root 11241100x8000000000000000652338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a3268626c1c14d2021-12-21 12:20:21.944root 11241100x8000000000000000652339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68d7b3797b9f2e12021-12-21 12:20:21.944root 11241100x8000000000000000652340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9155600f7780f82021-12-21 12:20:21.944root 11241100x8000000000000000652341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf789be2506be7642021-12-21 12:20:21.944root 11241100x8000000000000000652342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5217cccb539b3a832021-12-21 12:20:21.945root 11241100x8000000000000000652343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4122e2ce5834f2e42021-12-21 12:20:21.945root 11241100x8000000000000000652344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e81974a9a24c062021-12-21 12:20:21.945root 11241100x8000000000000000652345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd39c21acb86dc812021-12-21 12:20:21.945root 11241100x8000000000000000652346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0227d0381f438192021-12-21 12:20:21.945root 11241100x8000000000000000652347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4d57ebdeef3f682021-12-21 12:20:21.945root 11241100x8000000000000000652348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7df8aae64dc7952021-12-21 12:20:21.945root 11241100x8000000000000000652349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bc0d203d14b8a22021-12-21 12:20:21.945root 11241100x8000000000000000652350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473a1e37be36a9db2021-12-21 12:20:21.946root 11241100x8000000000000000652351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79445b4dca288c0e2021-12-21 12:20:21.946root 11241100x8000000000000000652352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efaf5e9cc6b89022021-12-21 12:20:21.946root 11241100x8000000000000000652353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0284c93bf7b78e222021-12-21 12:20:21.946root 11241100x8000000000000000652354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feecb23b3fc56ef32021-12-21 12:20:22.443root 11241100x8000000000000000652355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47b13aa7219b37c2021-12-21 12:20:22.443root 11241100x8000000000000000652356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e043eaab3b33642021-12-21 12:20:22.443root 11241100x8000000000000000652357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01126c0d7866545c2021-12-21 12:20:22.443root 11241100x8000000000000000652358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1cc67dc688015d2021-12-21 12:20:22.444root 11241100x8000000000000000652359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8e9feb717dff122021-12-21 12:20:22.444root 11241100x8000000000000000652360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d56bba72a2915922021-12-21 12:20:22.444root 11241100x8000000000000000652361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1e841476da2d962021-12-21 12:20:22.444root 11241100x8000000000000000652362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da4923845086b9c2021-12-21 12:20:22.444root 11241100x8000000000000000652363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d146309293efd332021-12-21 12:20:22.444root 11241100x8000000000000000652364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8f44dd807be95c2021-12-21 12:20:22.444root 11241100x8000000000000000652365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a471d894b5afbfe22021-12-21 12:20:22.444root 11241100x8000000000000000652366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5066448c3ed90d82021-12-21 12:20:22.444root 11241100x8000000000000000652367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1493a450d3134aeb2021-12-21 12:20:22.444root 11241100x8000000000000000652368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44d7f7a84ff34512021-12-21 12:20:22.444root 11241100x8000000000000000652369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc436f3e6e6184342021-12-21 12:20:22.444root 11241100x8000000000000000652370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c22d4b3a8b4d252021-12-21 12:20:22.444root 11241100x8000000000000000652371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe91b1e5c7b0d622021-12-21 12:20:22.444root 11241100x8000000000000000652372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b62ace8e0d30fb2021-12-21 12:20:22.444root 11241100x8000000000000000652373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b206bb24433248f2021-12-21 12:20:22.943root 11241100x8000000000000000652374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec4fc485bbe5e3f2021-12-21 12:20:22.943root 11241100x8000000000000000652375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec89a7538058f0a52021-12-21 12:20:22.943root 11241100x8000000000000000652376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892245179a0f33b52021-12-21 12:20:22.944root 11241100x8000000000000000652377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0fdb2cf3ac18962021-12-21 12:20:22.944root 11241100x8000000000000000652378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6c43a6df098e5b2021-12-21 12:20:22.944root 11241100x8000000000000000652379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869e9776d4e4172f2021-12-21 12:20:22.944root 11241100x8000000000000000652380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b8de4e40eaa47d2021-12-21 12:20:22.944root 11241100x8000000000000000652381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27568ec8a9790f72021-12-21 12:20:22.944root 11241100x8000000000000000652382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6229ec77707267ff2021-12-21 12:20:22.944root 11241100x8000000000000000652383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cf69c0a276d8882021-12-21 12:20:22.944root 11241100x8000000000000000652384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2a45d836af1eb52021-12-21 12:20:22.944root 11241100x8000000000000000652385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad06aba28cf0788f2021-12-21 12:20:22.944root 11241100x8000000000000000652386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5f8df2de4c42382021-12-21 12:20:22.944root 11241100x8000000000000000652387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6780e8d89c6508a02021-12-21 12:20:22.944root 11241100x8000000000000000652388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53438819ed3bb5482021-12-21 12:20:22.944root 11241100x8000000000000000652389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c8aed7eae49c992021-12-21 12:20:22.945root 11241100x8000000000000000652390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11632a18732216672021-12-21 12:20:22.945root 11241100x8000000000000000652391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4dc8e5923c46fa82021-12-21 12:20:22.945root 11241100x8000000000000000652392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9916ca1904503062021-12-21 12:20:23.443root 11241100x8000000000000000652393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b41d239d1bb47022021-12-21 12:20:23.443root 11241100x8000000000000000652394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf8f1d85a3d0e0c2021-12-21 12:20:23.444root 11241100x8000000000000000652395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df561794ba3ac5a22021-12-21 12:20:23.444root 11241100x8000000000000000652396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15964e67242578a2021-12-21 12:20:23.444root 11241100x8000000000000000652397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e9d503dbdaa7a22021-12-21 12:20:23.444root 11241100x8000000000000000652398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b7d1529aae85ef2021-12-21 12:20:23.445root 11241100x8000000000000000652399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799158c5d33633f72021-12-21 12:20:23.445root 11241100x8000000000000000652400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f623b5de62e2582021-12-21 12:20:23.445root 11241100x8000000000000000652401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a55dbd5a2e15fbe2021-12-21 12:20:23.445root 11241100x8000000000000000652402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cf90dd636ad69f2021-12-21 12:20:23.445root 11241100x8000000000000000652403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b133869407a27a2021-12-21 12:20:23.445root 11241100x8000000000000000652404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d80768fd16538392021-12-21 12:20:23.446root 11241100x8000000000000000652405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8943c00bb6457aa62021-12-21 12:20:23.446root 11241100x8000000000000000652406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5862e022e6223b2021-12-21 12:20:23.446root 11241100x8000000000000000652407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c020f03cc67d13442021-12-21 12:20:23.446root 11241100x8000000000000000652408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a947107afe208dd42021-12-21 12:20:23.446root 11241100x8000000000000000652409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00bdcedc993f1192021-12-21 12:20:23.446root 11241100x8000000000000000652410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46923f848d6595882021-12-21 12:20:23.447root 11241100x8000000000000000652411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b220ced68b29c0bd2021-12-21 12:20:23.943root 11241100x8000000000000000652412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bc993cd977869c2021-12-21 12:20:23.943root 11241100x8000000000000000652413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fddbfc981618462021-12-21 12:20:23.943root 11241100x8000000000000000652414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7494175f68459572021-12-21 12:20:23.943root 11241100x8000000000000000652415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1934d9f566f96b32021-12-21 12:20:23.944root 11241100x8000000000000000652416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd9126f63dd24902021-12-21 12:20:23.944root 11241100x8000000000000000652417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d0b820e06e1cc62021-12-21 12:20:23.944root 11241100x8000000000000000652418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea2296d19b1b34e2021-12-21 12:20:23.944root 11241100x8000000000000000652419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232ca7e06b88bbc42021-12-21 12:20:23.944root 11241100x8000000000000000652420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1972f35b152390732021-12-21 12:20:23.944root 11241100x8000000000000000652421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fefcc432a5dd1d42021-12-21 12:20:23.944root 11241100x8000000000000000652422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b54c4479c416032021-12-21 12:20:23.944root 11241100x8000000000000000652423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3cbd965c736e5a2021-12-21 12:20:23.944root 11241100x8000000000000000652424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dffe57af04dea92021-12-21 12:20:23.944root 11241100x8000000000000000652425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c562a5c62b7bd8822021-12-21 12:20:23.944root 11241100x8000000000000000652426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56924ac0051b54092021-12-21 12:20:23.944root 11241100x8000000000000000652427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8a69657c9b40c62021-12-21 12:20:23.944root 11241100x8000000000000000652428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ab56084237c6fb2021-12-21 12:20:23.944root 11241100x8000000000000000652429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6b7334cc4843662021-12-21 12:20:23.944root 11241100x8000000000000000652430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6aa1d02269b0fc2021-12-21 12:20:24.443root 11241100x8000000000000000652431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7d2eee833c19b12021-12-21 12:20:24.443root 11241100x8000000000000000652432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e196b7166bbff12021-12-21 12:20:24.443root 11241100x8000000000000000652433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7aaa731b81c0be62021-12-21 12:20:24.443root 11241100x8000000000000000652434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f6b07ea2df7be52021-12-21 12:20:24.444root 11241100x8000000000000000652435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84997be319cc90b2021-12-21 12:20:24.444root 11241100x8000000000000000652436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1181c07307b316762021-12-21 12:20:24.444root 11241100x8000000000000000652437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f005646776f5f62021-12-21 12:20:24.444root 11241100x8000000000000000652438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ed1faaff8d38f82021-12-21 12:20:24.444root 11241100x8000000000000000652439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5052cc1ddabbc3912021-12-21 12:20:24.444root 11241100x8000000000000000652440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dd03171c1d988a2021-12-21 12:20:24.444root 11241100x8000000000000000652441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab49de18ad5ad27a2021-12-21 12:20:24.444root 11241100x8000000000000000652442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6348d4021a47c7c22021-12-21 12:20:24.444root 11241100x8000000000000000652443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af2797cc8619ff52021-12-21 12:20:24.444root 11241100x8000000000000000652444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbfa6865ec350c12021-12-21 12:20:24.444root 11241100x8000000000000000652445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54ce59f8a0c6e7d2021-12-21 12:20:24.444root 11241100x8000000000000000652446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525f7af9cfd608992021-12-21 12:20:24.445root 11241100x8000000000000000652447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8902b23fef8f7162021-12-21 12:20:24.445root 11241100x8000000000000000652448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf67699e14a9eea2021-12-21 12:20:24.445root 11241100x8000000000000000652449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941c1b2992a838f32021-12-21 12:20:24.943root 11241100x8000000000000000652450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a824695862fa90672021-12-21 12:20:24.943root 11241100x8000000000000000652451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303352a6bd87fc7a2021-12-21 12:20:24.943root 11241100x8000000000000000652452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c1f6687a3596b32021-12-21 12:20:24.943root 11241100x8000000000000000652453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc55ef0f052d0312021-12-21 12:20:24.944root 11241100x8000000000000000652454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96b3383b60e17a52021-12-21 12:20:24.944root 11241100x8000000000000000652455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d293477eab1397d2021-12-21 12:20:24.944root 11241100x8000000000000000652456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24734159c9faaeb92021-12-21 12:20:24.944root 11241100x8000000000000000652457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cd06f4d4c2aa9d2021-12-21 12:20:24.944root 11241100x8000000000000000652458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759a8c34db441cd52021-12-21 12:20:24.944root 11241100x8000000000000000652459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8a3a09b695167e2021-12-21 12:20:24.944root 11241100x8000000000000000652460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930c7dfdceafbccc2021-12-21 12:20:24.945root 11241100x8000000000000000652461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edf62c34c7d4b572021-12-21 12:20:24.945root 11241100x8000000000000000652462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309b29de72f50a112021-12-21 12:20:24.945root 11241100x8000000000000000652463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678c54a3a84afa8d2021-12-21 12:20:24.945root 11241100x8000000000000000652464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd0c916f40d3aa22021-12-21 12:20:24.945root 11241100x8000000000000000652465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e494d9340fe4b8352021-12-21 12:20:24.945root 11241100x8000000000000000652466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf86f346b2cca842021-12-21 12:20:24.945root 11241100x8000000000000000652467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c5068384e411452021-12-21 12:20:24.946root 354300x8000000000000000652468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.240{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49844-false10.0.1.12-8000- 11241100x8000000000000000652469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2392769def2a962021-12-21 12:20:25.241root 11241100x8000000000000000652470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44b8b75c4456ef52021-12-21 12:20:25.241root 11241100x8000000000000000652471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cbcb9edb362f6a2021-12-21 12:20:25.241root 11241100x8000000000000000652472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d24510fe54ee9f2021-12-21 12:20:25.241root 11241100x8000000000000000652473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4961d7a40719b6dc2021-12-21 12:20:25.242root 11241100x8000000000000000652474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b56baa26dbc2f02021-12-21 12:20:25.242root 11241100x8000000000000000652475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dc3a876213f2382021-12-21 12:20:25.242root 11241100x8000000000000000652476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d8aa87c93f25562021-12-21 12:20:25.242root 11241100x8000000000000000652477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6e1ce451ee28542021-12-21 12:20:25.242root 11241100x8000000000000000652478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce6bc51958e80b22021-12-21 12:20:25.243root 11241100x8000000000000000652479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9419aef1c3b781ec2021-12-21 12:20:25.243root 11241100x8000000000000000652480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e125b6c3f2fb7d902021-12-21 12:20:25.243root 11241100x8000000000000000652481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883453327042f7cc2021-12-21 12:20:25.243root 11241100x8000000000000000652482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd3b24e2eb2e3472021-12-21 12:20:25.243root 11241100x8000000000000000652483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcc575e97f190382021-12-21 12:20:25.243root 11241100x8000000000000000652484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5474180d1dd8d5f2021-12-21 12:20:25.243root 11241100x8000000000000000652485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe5c6a91a76caee2021-12-21 12:20:25.244root 11241100x8000000000000000652486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be78bbda0caf56cf2021-12-21 12:20:25.244root 11241100x8000000000000000652487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdc61ccb4a300422021-12-21 12:20:25.244root 11241100x8000000000000000652488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b53dd4660ea8752021-12-21 12:20:25.244root 11241100x8000000000000000652489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913afb3a4a6fa4dd2021-12-21 12:20:25.693root 11241100x8000000000000000652490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da23b6d346134b52021-12-21 12:20:25.693root 11241100x8000000000000000652491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fc2490e8d398692021-12-21 12:20:25.693root 11241100x8000000000000000652492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25d6fdcdaa45f072021-12-21 12:20:25.693root 11241100x8000000000000000652493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc3f4cf61d7870c2021-12-21 12:20:25.694root 11241100x8000000000000000652494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abce7b0d1203124b2021-12-21 12:20:25.694root 11241100x8000000000000000652495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dc163f84abd7de2021-12-21 12:20:25.694root 11241100x8000000000000000652496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3ab6423e68b6f12021-12-21 12:20:25.694root 11241100x8000000000000000652497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7353e65aaed6989d2021-12-21 12:20:25.694root 11241100x8000000000000000652498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276271c32ac18d6f2021-12-21 12:20:25.694root 11241100x8000000000000000652499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6a7d4de62867c82021-12-21 12:20:25.694root 11241100x8000000000000000652500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120b9510a762f26d2021-12-21 12:20:25.694root 11241100x8000000000000000652501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb71661e6e6f2f82021-12-21 12:20:25.694root 11241100x8000000000000000652502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59233db9ed05d4ed2021-12-21 12:20:25.694root 11241100x8000000000000000652503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029915d32fb9bfd52021-12-21 12:20:25.694root 11241100x8000000000000000652504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf7d683a2695fa92021-12-21 12:20:25.694root 11241100x8000000000000000652505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472c16efdd107fd62021-12-21 12:20:25.694root 11241100x8000000000000000652506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea84f1b4821e6262021-12-21 12:20:25.694root 11241100x8000000000000000652507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638f82b7648e41a72021-12-21 12:20:25.695root 11241100x8000000000000000652508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5d3e6aacb0474e2021-12-21 12:20:25.695root 354300x8000000000000000652509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.783{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-36910-false10.0.1.12-8089- 11241100x8000000000000000652510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9434b9dca054aa342021-12-21 12:20:26.193root 11241100x8000000000000000652511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1382293e93f8d5a92021-12-21 12:20:26.194root 11241100x8000000000000000652512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7807ed4d389f40c92021-12-21 12:20:26.194root 11241100x8000000000000000652513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2abe8f1f11085dd2021-12-21 12:20:26.194root 11241100x8000000000000000652514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffca2dc16dcf8a82021-12-21 12:20:26.194root 11241100x8000000000000000652515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99aabfb0e76e3b12021-12-21 12:20:26.194root 11241100x8000000000000000652516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcecb493465c669d2021-12-21 12:20:26.194root 11241100x8000000000000000652517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161de861eb98b7942021-12-21 12:20:26.194root 11241100x8000000000000000652518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5759555d0bf600d92021-12-21 12:20:26.194root 11241100x8000000000000000652519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6d6d0923f9e6122021-12-21 12:20:26.194root 11241100x8000000000000000652520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b61b3b1b4c34b782021-12-21 12:20:26.194root 11241100x8000000000000000652521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc73c7d20de880b82021-12-21 12:20:26.195root 11241100x8000000000000000652522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c425e7c56dd0452021-12-21 12:20:26.195root 11241100x8000000000000000652523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9188099b1130e22c2021-12-21 12:20:26.195root 11241100x8000000000000000652524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f66414df07e0f32021-12-21 12:20:26.195root 11241100x8000000000000000652525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7308ab375fb3d3af2021-12-21 12:20:26.195root 11241100x8000000000000000652526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51c5bd2467030e22021-12-21 12:20:26.195root 11241100x8000000000000000652527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20845af729a01b182021-12-21 12:20:26.195root 11241100x8000000000000000652528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a85757d759577662021-12-21 12:20:26.195root 11241100x8000000000000000652529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a228ab9a0579d4302021-12-21 12:20:26.195root 11241100x8000000000000000652530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d7a1dce70de1132021-12-21 12:20:26.195root 11241100x8000000000000000652531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5742dd99677ca65b2021-12-21 12:20:26.693root 11241100x8000000000000000652532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b241584cae81952021-12-21 12:20:26.693root 11241100x8000000000000000652533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15685f8a146b630b2021-12-21 12:20:26.694root 11241100x8000000000000000652534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f95a782d9e6a382021-12-21 12:20:26.694root 11241100x8000000000000000652535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68811afb5c2db58f2021-12-21 12:20:26.694root 11241100x8000000000000000652536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704257ece8633cf42021-12-21 12:20:26.694root 11241100x8000000000000000652537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b91b3e2b9dc8caf2021-12-21 12:20:26.694root 11241100x8000000000000000652538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2285a772c6f7c9f12021-12-21 12:20:26.694root 11241100x8000000000000000652539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65811eb1f1f090102021-12-21 12:20:26.694root 11241100x8000000000000000652540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746334b49a8344ba2021-12-21 12:20:26.695root 11241100x8000000000000000652541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3ad589ba808ac42021-12-21 12:20:26.695root 11241100x8000000000000000652542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e07b4ec5e3819fb2021-12-21 12:20:26.695root 11241100x8000000000000000652543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0654c7221346644b2021-12-21 12:20:26.695root 11241100x8000000000000000652544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c2097975c2fe7a2021-12-21 12:20:26.695root 11241100x8000000000000000652545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcc61920696d51a2021-12-21 12:20:26.695root 11241100x8000000000000000652546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7eecd80f4b64342021-12-21 12:20:26.695root 11241100x8000000000000000652547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea30001dc14a6b5e2021-12-21 12:20:26.695root 11241100x8000000000000000652548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e9e1766f8d47ce2021-12-21 12:20:26.696root 11241100x8000000000000000652549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33fa81c4b5068742021-12-21 12:20:26.696root 11241100x8000000000000000652550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bd51d34fc25be22021-12-21 12:20:26.696root 11241100x8000000000000000652551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df239f988702ca3a2021-12-21 12:20:26.696root 11241100x8000000000000000652552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22a1c082ddae2b82021-12-21 12:20:27.193root 11241100x8000000000000000652553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1781b155fd2a2f2021-12-21 12:20:27.194root 11241100x8000000000000000652554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c846f92cbabd7a212021-12-21 12:20:27.194root 11241100x8000000000000000652555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92aedc0e6aa589ec2021-12-21 12:20:27.194root 11241100x8000000000000000652556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95144d2c466a44982021-12-21 12:20:27.194root 11241100x8000000000000000652557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb964ce7eecd757b2021-12-21 12:20:27.194root 11241100x8000000000000000652558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b7052a3db57e622021-12-21 12:20:27.194root 11241100x8000000000000000652559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262753916ca3d4922021-12-21 12:20:27.195root 11241100x8000000000000000652560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617302c3fd5c83af2021-12-21 12:20:27.195root 11241100x8000000000000000652561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aee9d496f289cde2021-12-21 12:20:27.195root 11241100x8000000000000000652562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77baa03fa9170c862021-12-21 12:20:27.195root 11241100x8000000000000000652563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d15db553b343dd2021-12-21 12:20:27.195root 11241100x8000000000000000652564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5331c3a1338b742021-12-21 12:20:27.195root 11241100x8000000000000000652565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cb67dad79c86be2021-12-21 12:20:27.195root 11241100x8000000000000000652566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd725aa867070ba2021-12-21 12:20:27.195root 11241100x8000000000000000652567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaef54be40125d222021-12-21 12:20:27.195root 11241100x8000000000000000652568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c0eae2de00c8e92021-12-21 12:20:27.195root 11241100x8000000000000000652569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96194eed30c3f5822021-12-21 12:20:27.195root 11241100x8000000000000000652570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782c34ae7d87046f2021-12-21 12:20:27.195root 11241100x8000000000000000652571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4989084edee56672021-12-21 12:20:27.195root 11241100x8000000000000000652572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c16d88cea87cc02021-12-21 12:20:27.195root 11241100x8000000000000000652573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65482513a1524ed92021-12-21 12:20:27.693root 11241100x8000000000000000652574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c5cc00b88876e92021-12-21 12:20:27.693root 11241100x8000000000000000652575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e1edcbde64be3f2021-12-21 12:20:27.694root 11241100x8000000000000000652576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3f8c5213cbe4752021-12-21 12:20:27.694root 11241100x8000000000000000652577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c98f179472c3f412021-12-21 12:20:27.694root 11241100x8000000000000000652578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d969a6cb779b1d52021-12-21 12:20:27.694root 11241100x8000000000000000652579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20275d9875a0ae0e2021-12-21 12:20:27.694root 11241100x8000000000000000652580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd34cef34fc5d572021-12-21 12:20:27.694root 11241100x8000000000000000652581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a488f8c4c326a42021-12-21 12:20:27.694root 11241100x8000000000000000652582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92aa5714e2338c202021-12-21 12:20:27.694root 11241100x8000000000000000652583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6215d3d644be6f32021-12-21 12:20:27.694root 11241100x8000000000000000652584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9a99dcdb2aad8d2021-12-21 12:20:27.694root 11241100x8000000000000000652585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b71db21743781e2021-12-21 12:20:27.694root 11241100x8000000000000000652586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9551f1227a3517f42021-12-21 12:20:27.694root 11241100x8000000000000000652587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471c44b60f8c615c2021-12-21 12:20:27.694root 11241100x8000000000000000652588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a45a9707723a4d2021-12-21 12:20:27.695root 11241100x8000000000000000652589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3e09cf7d78919a2021-12-21 12:20:27.695root 11241100x8000000000000000652590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51411ac4b2e1544a2021-12-21 12:20:27.695root 11241100x8000000000000000652591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4325d02e79450d202021-12-21 12:20:27.695root 11241100x8000000000000000652592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5dbb8a688220a82021-12-21 12:20:27.695root 11241100x8000000000000000652593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29acc3e87fb3fda52021-12-21 12:20:27.695root 11241100x8000000000000000652594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c8872f5386aebe2021-12-21 12:20:28.193root 11241100x8000000000000000652595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ee9590c8486f212021-12-21 12:20:28.193root 11241100x8000000000000000652596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55945aee89033bb22021-12-21 12:20:28.193root 11241100x8000000000000000652597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa5637a92fc835c2021-12-21 12:20:28.194root 11241100x8000000000000000652598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b379269065608d2021-12-21 12:20:28.194root 11241100x8000000000000000652599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209ba1578b8b62d82021-12-21 12:20:28.194root 11241100x8000000000000000652600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35cb4999285261b2021-12-21 12:20:28.194root 11241100x8000000000000000652601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e827fc784fa237542021-12-21 12:20:28.194root 11241100x8000000000000000652602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e752b90434f2612021-12-21 12:20:28.194root 11241100x8000000000000000652603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcc493f395db0f62021-12-21 12:20:28.194root 11241100x8000000000000000652604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4afbfa25acf84f2021-12-21 12:20:28.194root 11241100x8000000000000000652605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609cda6909db86b72021-12-21 12:20:28.194root 11241100x8000000000000000652606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170c0e433ee1a80c2021-12-21 12:20:28.194root 11241100x8000000000000000652607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c5736d166227342021-12-21 12:20:28.194root 11241100x8000000000000000652608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca8fd5be6e5108a2021-12-21 12:20:28.194root 11241100x8000000000000000652609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9015a91f0e93e6542021-12-21 12:20:28.194root 11241100x8000000000000000652610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2282067b8728e22021-12-21 12:20:28.194root 11241100x8000000000000000652611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89223320ef4455272021-12-21 12:20:28.194root 11241100x8000000000000000652612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b1bf27820ceb612021-12-21 12:20:28.195root 11241100x8000000000000000652613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a5995d23c5a3c32021-12-21 12:20:28.195root 11241100x8000000000000000652614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de16711abf0c5cd12021-12-21 12:20:28.195root 11241100x8000000000000000652615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738ea53515e727032021-12-21 12:20:28.693root 11241100x8000000000000000652616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd07d1fcb00943d42021-12-21 12:20:28.693root 11241100x8000000000000000652617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2084274c971c14022021-12-21 12:20:28.693root 11241100x8000000000000000652618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6e7560dea2b6522021-12-21 12:20:28.694root 11241100x8000000000000000652619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e638689f2a3b2072021-12-21 12:20:28.694root 11241100x8000000000000000652620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845c6b20d85951712021-12-21 12:20:28.694root 11241100x8000000000000000652621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1702882a8df66fe2021-12-21 12:20:28.694root 11241100x8000000000000000652622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292ed65a552798272021-12-21 12:20:28.694root 11241100x8000000000000000652623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8469358f03e650c32021-12-21 12:20:28.694root 11241100x8000000000000000652624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9737f62134bf4f9c2021-12-21 12:20:28.694root 11241100x8000000000000000652625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e7cc26596f95732021-12-21 12:20:28.694root 11241100x8000000000000000652626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3700e923823a089d2021-12-21 12:20:28.694root 11241100x8000000000000000652627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994797c828eca6412021-12-21 12:20:28.694root 11241100x8000000000000000652628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868f69aebbe74a4e2021-12-21 12:20:28.694root 11241100x8000000000000000652629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa952ab83f089692021-12-21 12:20:28.695root 11241100x8000000000000000652630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c269cade871a958d2021-12-21 12:20:28.695root 11241100x8000000000000000652631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a900788253184c2021-12-21 12:20:28.695root 11241100x8000000000000000652632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac12c5a262b33a92021-12-21 12:20:28.695root 11241100x8000000000000000652633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c69c681f3f06e2e2021-12-21 12:20:28.695root 11241100x8000000000000000652634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9108d3d507c3b09d2021-12-21 12:20:28.695root 11241100x8000000000000000652635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73522ee4d3af8fa72021-12-21 12:20:28.695root 11241100x8000000000000000652636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7f9c8d5e837ed12021-12-21 12:20:29.193root 11241100x8000000000000000652637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcad246ac7344b62021-12-21 12:20:29.193root 11241100x8000000000000000652638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f022789d68c54a92021-12-21 12:20:29.193root 11241100x8000000000000000652639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8246384bc92d962021-12-21 12:20:29.193root 11241100x8000000000000000652640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77991cacce0d5b12021-12-21 12:20:29.194root 11241100x8000000000000000652641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1789f51560c6af2021-12-21 12:20:29.194root 11241100x8000000000000000652642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2ba34079d44e632021-12-21 12:20:29.194root 11241100x8000000000000000652643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9252b9eabc3e6f132021-12-21 12:20:29.194root 11241100x8000000000000000652644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4992957a457887f2021-12-21 12:20:29.194root 11241100x8000000000000000652645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b895ae64ccf6c82021-12-21 12:20:29.194root 11241100x8000000000000000652646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599b94a21a2f4c832021-12-21 12:20:29.194root 11241100x8000000000000000652647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a44375debae898b2021-12-21 12:20:29.194root 11241100x8000000000000000652648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120eb8d1addc99bf2021-12-21 12:20:29.194root 11241100x8000000000000000652649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555494c180dfe35d2021-12-21 12:20:29.194root 11241100x8000000000000000652650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cd63b98c9a3e842021-12-21 12:20:29.195root 11241100x8000000000000000652651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382709eeb8dcbf7c2021-12-21 12:20:29.195root 11241100x8000000000000000652652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c105439c1072ab92021-12-21 12:20:29.195root 11241100x8000000000000000652653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a231aea69c2a4e22021-12-21 12:20:29.195root 11241100x8000000000000000652654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff986c3789356702021-12-21 12:20:29.195root 11241100x8000000000000000652655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629d58581cb6d0802021-12-21 12:20:29.195root 11241100x8000000000000000652656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff2af96a8d2354c2021-12-21 12:20:29.195root 11241100x8000000000000000652657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33bd8d0aed544e92021-12-21 12:20:29.693root 11241100x8000000000000000652658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee92dc571bbb3932021-12-21 12:20:29.693root 11241100x8000000000000000652659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2007924a487ee3682021-12-21 12:20:29.693root 11241100x8000000000000000652660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f51ad72e682fba52021-12-21 12:20:29.694root 11241100x8000000000000000652661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0c05bd0c6d9b1c2021-12-21 12:20:29.694root 11241100x8000000000000000652662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18446dd707de7c9a2021-12-21 12:20:29.694root 11241100x8000000000000000652663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c2edb4d256f6102021-12-21 12:20:29.694root 11241100x8000000000000000652664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76631535a2033fb2021-12-21 12:20:29.694root 11241100x8000000000000000652665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d25528304c4c96f2021-12-21 12:20:29.694root 11241100x8000000000000000652666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0140e56da90b762021-12-21 12:20:29.694root 11241100x8000000000000000652667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b89e6fc5c214b702021-12-21 12:20:29.694root 11241100x8000000000000000652668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d26be4cf5e9cd292021-12-21 12:20:29.694root 11241100x8000000000000000652669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989c97abeac91f3a2021-12-21 12:20:29.694root 11241100x8000000000000000652670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842846c7a697009d2021-12-21 12:20:29.695root 11241100x8000000000000000652671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be44f6120b01be5c2021-12-21 12:20:29.695root 11241100x8000000000000000652672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217e987b48349f442021-12-21 12:20:29.695root 11241100x8000000000000000652673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f93d89bb4e0ac72021-12-21 12:20:29.695root 11241100x8000000000000000652674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e09436da3f6f992021-12-21 12:20:29.695root 11241100x8000000000000000652675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef1dff49711de2f2021-12-21 12:20:29.695root 11241100x8000000000000000652676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164b49496e7caec82021-12-21 12:20:29.695root 11241100x8000000000000000652677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0755d7ad0585717f2021-12-21 12:20:29.696root 11241100x8000000000000000652678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774b9bf36ab071452021-12-21 12:20:30.193root 11241100x8000000000000000652679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036188d41c9887e02021-12-21 12:20:30.193root 11241100x8000000000000000652680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04baba13614ee792021-12-21 12:20:30.193root 11241100x8000000000000000652681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d580ff13ae01d32021-12-21 12:20:30.193root 11241100x8000000000000000652682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bc604c5b52009d2021-12-21 12:20:30.193root 11241100x8000000000000000652683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc8d4d13c4f68ca2021-12-21 12:20:30.193root 11241100x8000000000000000652684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6c9826aa714d562021-12-21 12:20:30.193root 11241100x8000000000000000652685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fcd55b1fec8c982021-12-21 12:20:30.193root 11241100x8000000000000000652686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebac4c61250d8a52021-12-21 12:20:30.193root 11241100x8000000000000000652687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2464e8cbda8d0712021-12-21 12:20:30.193root 11241100x8000000000000000652688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c966ede7e256aa832021-12-21 12:20:30.193root 11241100x8000000000000000652689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b8d1c4fb14f18d2021-12-21 12:20:30.194root 11241100x8000000000000000652690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71470783bb8cc7f32021-12-21 12:20:30.194root 11241100x8000000000000000652691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16feda7f4e1fdbd12021-12-21 12:20:30.194root 11241100x8000000000000000652692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57617945555072532021-12-21 12:20:30.194root 11241100x8000000000000000652693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33e38f6c9b314fb2021-12-21 12:20:30.194root 11241100x8000000000000000652694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e239e6300f986c112021-12-21 12:20:30.194root 11241100x8000000000000000652695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb4b828e776f05c2021-12-21 12:20:30.196root 11241100x8000000000000000652696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253c0cff392c8c5d2021-12-21 12:20:30.196root 11241100x8000000000000000652697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4ddf37a20f503a2021-12-21 12:20:30.196root 11241100x8000000000000000652698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b0811daa29546a2021-12-21 12:20:30.197root 11241100x8000000000000000652699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1fce5554dc63e52021-12-21 12:20:30.197root 11241100x8000000000000000652700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dca07434dcd09152021-12-21 12:20:30.197root 11241100x8000000000000000652701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ac6cafb31a6fc22021-12-21 12:20:30.197root 11241100x8000000000000000652702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9849ea6a3bafd4752021-12-21 12:20:30.197root 11241100x8000000000000000652703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ee8e0929d04fc52021-12-21 12:20:30.197root 11241100x8000000000000000652704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5913b59e56df7a7f2021-12-21 12:20:30.199root 11241100x8000000000000000652705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73a7e45bccdfe9f2021-12-21 12:20:30.199root 11241100x8000000000000000652706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30acdad07ee1bdc2021-12-21 12:20:30.200root 11241100x8000000000000000652707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fcf83f1764a7402021-12-21 12:20:30.200root 11241100x8000000000000000652708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad40a07b2fbfe412021-12-21 12:20:30.200root 11241100x8000000000000000652709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ed8ff724a54e992021-12-21 12:20:30.200root 11241100x8000000000000000652710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d978421751d16d2021-12-21 12:20:30.200root 11241100x8000000000000000652711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ac860efd7df7072021-12-21 12:20:30.200root 11241100x8000000000000000652712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a770326cf88dc4142021-12-21 12:20:30.200root 11241100x8000000000000000652713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ef712364efb2f32021-12-21 12:20:30.201root 11241100x8000000000000000652714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f559126ab437ca2021-12-21 12:20:30.201root 11241100x8000000000000000652715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0095c4b6378d82052021-12-21 12:20:30.202root 11241100x8000000000000000652716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafed617748259b02021-12-21 12:20:30.202root 11241100x8000000000000000652717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16c552c4b1af1f12021-12-21 12:20:30.203root 11241100x8000000000000000652718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddf1c20d11500172021-12-21 12:20:30.203root 11241100x8000000000000000652719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bff18d6e209a452021-12-21 12:20:30.203root 11241100x8000000000000000652720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa6dd0d3c06f04e2021-12-21 12:20:30.203root 11241100x8000000000000000652721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf861f2c85f893672021-12-21 12:20:30.203root 11241100x8000000000000000652722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64db19bf6c02b582021-12-21 12:20:30.203root 11241100x8000000000000000652723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a5fb5a78e8b1f32021-12-21 12:20:30.203root 11241100x8000000000000000652724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a61a3834d5a37082021-12-21 12:20:30.203root 11241100x8000000000000000652725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a57c525f07da782021-12-21 12:20:30.693root 11241100x8000000000000000652726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a6fd44572c4d862021-12-21 12:20:30.693root 11241100x8000000000000000652727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764a0d62e103cd1b2021-12-21 12:20:30.693root 11241100x8000000000000000652728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96c5ccffc3229602021-12-21 12:20:30.693root 11241100x8000000000000000652729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fc3b8014c8f4722021-12-21 12:20:30.693root 11241100x8000000000000000652730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac395fa388f71ef42021-12-21 12:20:30.694root 11241100x8000000000000000652731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfda0606f75e4db42021-12-21 12:20:30.694root 11241100x8000000000000000652732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d6ddd740d55e5e2021-12-21 12:20:30.694root 11241100x8000000000000000652733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3d954a6015dc6b2021-12-21 12:20:30.694root 11241100x8000000000000000652734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a8b6d4de91711a2021-12-21 12:20:30.694root 11241100x8000000000000000652735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bb0af5d1e2c7162021-12-21 12:20:30.694root 11241100x8000000000000000652736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e25f39c69ad46782021-12-21 12:20:30.694root 11241100x8000000000000000652737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118ca5443c7164882021-12-21 12:20:30.694root 11241100x8000000000000000652738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b7c98e3b211be72021-12-21 12:20:30.694root 11241100x8000000000000000652739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61a284e01b226962021-12-21 12:20:30.694root 11241100x8000000000000000652740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb06223fd1e5e452021-12-21 12:20:30.694root 11241100x8000000000000000652741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5150fcebc4acaafa2021-12-21 12:20:30.695root 11241100x8000000000000000652742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe58271a9718b3582021-12-21 12:20:30.695root 11241100x8000000000000000652743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8803e10323a2e8a2021-12-21 12:20:30.695root 11241100x8000000000000000652744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30878ba27d3f54d42021-12-21 12:20:30.695root 11241100x8000000000000000652745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8d44bb0d6170932021-12-21 12:20:30.695root 354300x8000000000000000652746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.077{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49848-false10.0.1.12-8000- 11241100x8000000000000000652747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df181d72707398e02021-12-21 12:20:31.077root 11241100x8000000000000000652748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81482c22b3be7c0f2021-12-21 12:20:31.078root 11241100x8000000000000000652749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fd275e2c31e5c32021-12-21 12:20:31.078root 11241100x8000000000000000652750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebe7b23b7bc2fd52021-12-21 12:20:31.078root 11241100x8000000000000000652751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365e602cbf2f1e3a2021-12-21 12:20:31.078root 11241100x8000000000000000652752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd38c78ec15964d2021-12-21 12:20:31.078root 11241100x8000000000000000652753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04613a1707747f722021-12-21 12:20:31.078root 11241100x8000000000000000652754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522a56ed5765e3902021-12-21 12:20:31.078root 11241100x8000000000000000652755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371d5c70aaebf90c2021-12-21 12:20:31.078root 11241100x8000000000000000652756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400408463e4e64292021-12-21 12:20:31.078root 11241100x8000000000000000652757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa0951eaf9f92ec2021-12-21 12:20:31.078root 11241100x8000000000000000652758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b0b1b6880d59162021-12-21 12:20:31.078root 11241100x8000000000000000652759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.079{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368d603526b2d1462021-12-21 12:20:31.079root 11241100x8000000000000000652760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.079{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656dd912a8e540762021-12-21 12:20:31.079root 11241100x8000000000000000652761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.079{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a05218077e680832021-12-21 12:20:31.079root 11241100x8000000000000000652762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.079{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2870e02e86f16cec2021-12-21 12:20:31.079root 11241100x8000000000000000652763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.079{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a1ea92d27b11982021-12-21 12:20:31.079root 11241100x8000000000000000652764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5ded31f879fa912021-12-21 12:20:31.080root 11241100x8000000000000000652765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf80927b8fed2182021-12-21 12:20:31.080root 11241100x8000000000000000652766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a34d1ac61b8e3802021-12-21 12:20:31.080root 11241100x8000000000000000652767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe38b171916184952021-12-21 12:20:31.080root 11241100x8000000000000000652768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c173644444da562021-12-21 12:20:31.080root 11241100x8000000000000000652769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c8ac8bbe9734012021-12-21 12:20:31.080root 11241100x8000000000000000652770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738ed6743f5833e32021-12-21 12:20:31.080root 11241100x8000000000000000652771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef22eaa70f3cc9b52021-12-21 12:20:31.080root 11241100x8000000000000000652772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c7f4d87441d44d2021-12-21 12:20:31.080root 11241100x8000000000000000652773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db66fa801d354372021-12-21 12:20:31.080root 11241100x8000000000000000652774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eaf1c1940a255612021-12-21 12:20:31.080root 11241100x8000000000000000652775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16062c8971ea662c2021-12-21 12:20:31.443root 11241100x8000000000000000652776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ac45ba25b7c76d2021-12-21 12:20:31.443root 11241100x8000000000000000652777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2322314861cb352021-12-21 12:20:31.443root 11241100x8000000000000000652778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4f03fd8397831c2021-12-21 12:20:31.443root 11241100x8000000000000000652779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ea1e3407df90d02021-12-21 12:20:31.443root 11241100x8000000000000000652780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63300596df47796a2021-12-21 12:20:31.443root 11241100x8000000000000000652781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13345dc83d0b53b52021-12-21 12:20:31.443root 11241100x8000000000000000652782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15daea1e0d4c8b732021-12-21 12:20:31.443root 11241100x8000000000000000652783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c278ae75a988af02021-12-21 12:20:31.443root 11241100x8000000000000000652784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b833fee3c594452021-12-21 12:20:31.443root 11241100x8000000000000000652785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e4c10a63cb3ed32021-12-21 12:20:31.443root 11241100x8000000000000000652786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f30434c9f1955a2021-12-21 12:20:31.444root 11241100x8000000000000000652787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6214a9f642b2b4a32021-12-21 12:20:31.444root 11241100x8000000000000000652788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec884bd767e2e642021-12-21 12:20:31.444root 11241100x8000000000000000652789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00eafdfec96a8c52021-12-21 12:20:31.444root 11241100x8000000000000000652790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c787a9c395eb62a2021-12-21 12:20:31.444root 11241100x8000000000000000652791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92f1d15456829502021-12-21 12:20:31.444root 11241100x8000000000000000652792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c89db469ed711062021-12-21 12:20:31.445root 11241100x8000000000000000652793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa31063ae3440982021-12-21 12:20:31.445root 11241100x8000000000000000652794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066318e26178b52e2021-12-21 12:20:31.445root 11241100x8000000000000000652795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d87c7dc6576e8572021-12-21 12:20:31.445root 11241100x8000000000000000652796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3b22e9180def9b2021-12-21 12:20:31.445root 11241100x8000000000000000652797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a671957bf3fa858e2021-12-21 12:20:31.445root 11241100x8000000000000000652798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb5729feaf799b22021-12-21 12:20:31.446root 11241100x8000000000000000652799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94dcba6cc0a3ffc2021-12-21 12:20:31.943root 11241100x8000000000000000652800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc66cd071e493e72021-12-21 12:20:31.943root 11241100x8000000000000000652801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bdb598ecd9bae52021-12-21 12:20:31.943root 11241100x8000000000000000652802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84c6697badcce1b2021-12-21 12:20:31.943root 11241100x8000000000000000652803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108feab728b3e3ed2021-12-21 12:20:31.944root 11241100x8000000000000000652804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86069e1e468d8342021-12-21 12:20:31.944root 11241100x8000000000000000652805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44acc46135d6b59d2021-12-21 12:20:31.944root 11241100x8000000000000000652806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac3cd2d072b0f9c2021-12-21 12:20:31.944root 11241100x8000000000000000652807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa92788e6e5d7a4c2021-12-21 12:20:31.944root 11241100x8000000000000000652808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5e3e8c8738606c2021-12-21 12:20:31.944root 11241100x8000000000000000652809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ab287d50dc5cd52021-12-21 12:20:31.944root 11241100x8000000000000000652810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac08958ed0876562021-12-21 12:20:31.944root 11241100x8000000000000000652811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0500afc807e50c3d2021-12-21 12:20:31.944root 11241100x8000000000000000652812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ae987bf9bec00b2021-12-21 12:20:31.944root 11241100x8000000000000000652813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67f0c34ae3c5e9c2021-12-21 12:20:31.944root 11241100x8000000000000000652814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161ad19942bd70972021-12-21 12:20:31.945root 11241100x8000000000000000652815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d634a4eb37ca36b32021-12-21 12:20:31.945root 11241100x8000000000000000652816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64697fd12ee4e9f22021-12-21 12:20:31.945root 11241100x8000000000000000652817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8ee9f6d27275dc2021-12-21 12:20:31.945root 11241100x8000000000000000652818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8ef129f323f7df2021-12-21 12:20:31.945root 11241100x8000000000000000652819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5919682e085986ed2021-12-21 12:20:31.945root 11241100x8000000000000000652820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d7ccaaf176b6a72021-12-21 12:20:31.945root 11241100x8000000000000000652821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae76073a93552d52021-12-21 12:20:32.443root 11241100x8000000000000000652822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5839023c842de4582021-12-21 12:20:32.443root 11241100x8000000000000000652823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968b1ab4948645e72021-12-21 12:20:32.443root 11241100x8000000000000000652824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f9391ce42f00b52021-12-21 12:20:32.443root 11241100x8000000000000000652825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9ad9be138798492021-12-21 12:20:32.444root 11241100x8000000000000000652826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8be9b48bd088e52021-12-21 12:20:32.444root 11241100x8000000000000000652827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcb67b2704b6e8e2021-12-21 12:20:32.444root 11241100x8000000000000000652828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560f2ecb9637239e2021-12-21 12:20:32.444root 11241100x8000000000000000652829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9483a5db8f8206d2021-12-21 12:20:32.444root 11241100x8000000000000000652830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c053c8874622b9e2021-12-21 12:20:32.444root 11241100x8000000000000000652831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8217662e5f80bb4c2021-12-21 12:20:32.444root 11241100x8000000000000000652832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26f56727cdd7e6e2021-12-21 12:20:32.445root 11241100x8000000000000000652833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72167d1ff0ccacad2021-12-21 12:20:32.445root 11241100x8000000000000000652834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0ecb7239aef08d2021-12-21 12:20:32.445root 11241100x8000000000000000652835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5075089b0b3675b62021-12-21 12:20:32.445root 11241100x8000000000000000652836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79243b953e49b7682021-12-21 12:20:32.445root 11241100x8000000000000000652837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63095da1567b8ee2021-12-21 12:20:32.445root 11241100x8000000000000000652838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9aff7376de49f12021-12-21 12:20:32.445root 11241100x8000000000000000652839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be074282767bae952021-12-21 12:20:32.445root 11241100x8000000000000000652840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a8b8eccb28adc42021-12-21 12:20:32.445root 11241100x8000000000000000652841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f96cdcbd46326542021-12-21 12:20:32.445root 11241100x8000000000000000652842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c504e0676b785e692021-12-21 12:20:32.445root 11241100x8000000000000000652843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e47f6dbb512f212021-12-21 12:20:32.445root 11241100x8000000000000000652844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7df82d33f86147b2021-12-21 12:20:32.445root 11241100x8000000000000000652845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db268b6f1090e69c2021-12-21 12:20:32.445root 11241100x8000000000000000652846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35daeabb49cd2d852021-12-21 12:20:32.943root 11241100x8000000000000000652847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70418bdc837c30a62021-12-21 12:20:32.943root 11241100x8000000000000000652848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a0dc0e7ab32ee52021-12-21 12:20:32.943root 11241100x8000000000000000652849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd97aebdcac358f2021-12-21 12:20:32.943root 11241100x8000000000000000652850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c915c34a4951f3572021-12-21 12:20:32.943root 11241100x8000000000000000652851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9476edbd6de8ad692021-12-21 12:20:32.943root 11241100x8000000000000000652852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33202372badf74b2021-12-21 12:20:32.943root 11241100x8000000000000000652853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409392c78d1ea77d2021-12-21 12:20:32.944root 11241100x8000000000000000652854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0619e2e5e30325e22021-12-21 12:20:32.944root 11241100x8000000000000000652855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc21f14a6b547e92021-12-21 12:20:32.944root 11241100x8000000000000000652856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2f0402be37ac922021-12-21 12:20:32.945root 11241100x8000000000000000652857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7247ab7d033fa6152021-12-21 12:20:32.945root 11241100x8000000000000000652858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d14e6bf93174e662021-12-21 12:20:32.945root 11241100x8000000000000000652859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb9e20d5f9cd0c12021-12-21 12:20:32.945root 11241100x8000000000000000652860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0cacad2d2c86282021-12-21 12:20:32.945root 11241100x8000000000000000652861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4939d3fbc9960f0d2021-12-21 12:20:32.945root 11241100x8000000000000000652862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570e305606ca9fe52021-12-21 12:20:32.945root 11241100x8000000000000000652863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6527ae55391a42522021-12-21 12:20:32.946root 11241100x8000000000000000652864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af70090b575c824b2021-12-21 12:20:32.946root 11241100x8000000000000000652865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c53b3dd815d05a02021-12-21 12:20:32.946root 11241100x8000000000000000652866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cf6465f01da58e2021-12-21 12:20:32.946root 11241100x8000000000000000652867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d21d979d3848a112021-12-21 12:20:32.946root 11241100x8000000000000000652868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc292ebd260a5cb2021-12-21 12:20:32.946root 11241100x8000000000000000652869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a5a465b4d583192021-12-21 12:20:32.946root 11241100x8000000000000000652870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9106c1d0a4b08bae2021-12-21 12:20:33.443root 11241100x8000000000000000652871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1233dc6b5d593962021-12-21 12:20:33.443root 11241100x8000000000000000652872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e20fd0b9c5cb332021-12-21 12:20:33.443root 11241100x8000000000000000652873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adc1c99fac270c52021-12-21 12:20:33.443root 11241100x8000000000000000652874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b295f811b1fe4b242021-12-21 12:20:33.444root 11241100x8000000000000000652875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084f9eeb9aa118162021-12-21 12:20:33.444root 11241100x8000000000000000652876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3b4a8e23bead6b2021-12-21 12:20:33.444root 11241100x8000000000000000652877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554ec3be988e10042021-12-21 12:20:33.444root 11241100x8000000000000000652878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f606cb73e0fde8172021-12-21 12:20:33.444root 11241100x8000000000000000652879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ab3e9608c21d942021-12-21 12:20:33.444root 11241100x8000000000000000652880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409dd0c5202d03682021-12-21 12:20:33.444root 11241100x8000000000000000652881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ff0044cd78c09c2021-12-21 12:20:33.444root 11241100x8000000000000000652882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a95cb4f7b6500962021-12-21 12:20:33.444root 11241100x8000000000000000652883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76054f7de28f583d2021-12-21 12:20:33.444root 11241100x8000000000000000652884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe0bc77d18c32f42021-12-21 12:20:33.444root 11241100x8000000000000000652885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850421f13fc8aac22021-12-21 12:20:33.444root 11241100x8000000000000000652886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f118e118f937cd7e2021-12-21 12:20:33.444root 11241100x8000000000000000652887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbff5c765b1fca42021-12-21 12:20:33.445root 11241100x8000000000000000652888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27abffeed43509672021-12-21 12:20:33.445root 11241100x8000000000000000652889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abb4c758ab302e42021-12-21 12:20:33.445root 11241100x8000000000000000652890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d6138ba40807492021-12-21 12:20:33.445root 11241100x8000000000000000652891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68987bfb0428f8932021-12-21 12:20:33.445root 11241100x8000000000000000652892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13add86c2525d6e2021-12-21 12:20:33.943root 11241100x8000000000000000652893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4507c82a59ba872021-12-21 12:20:33.943root 11241100x8000000000000000652894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412488bd9ce4e0de2021-12-21 12:20:33.943root 11241100x8000000000000000652895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71ea0980fa7ca972021-12-21 12:20:33.943root 11241100x8000000000000000652896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53f316c2e8414ae2021-12-21 12:20:33.943root 11241100x8000000000000000652897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493ef8a50ef4d7fa2021-12-21 12:20:33.943root 11241100x8000000000000000652898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8397f8ee058d3112021-12-21 12:20:33.943root 11241100x8000000000000000652899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b503eeddd1cf4c82021-12-21 12:20:33.944root 11241100x8000000000000000652900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9dbe14a28fcd492021-12-21 12:20:33.944root 11241100x8000000000000000652901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d96c0089c6cbfe62021-12-21 12:20:33.944root 11241100x8000000000000000652902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7803e6c9267bfecb2021-12-21 12:20:33.944root 11241100x8000000000000000652903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f973948461ff842021-12-21 12:20:33.944root 11241100x8000000000000000652904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09aa2136bd5670b2021-12-21 12:20:33.944root 11241100x8000000000000000652905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249b9316a9a4dad32021-12-21 12:20:33.944root 11241100x8000000000000000652906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0936f7dc11e35742021-12-21 12:20:33.945root 11241100x8000000000000000652907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef46dde1c0b760f22021-12-21 12:20:33.945root 11241100x8000000000000000652908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6ba29fc38854992021-12-21 12:20:33.945root 11241100x8000000000000000652909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420375e89934cdea2021-12-21 12:20:33.945root 11241100x8000000000000000652910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9734428c2d1ec662021-12-21 12:20:33.945root 11241100x8000000000000000652911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82fa1c3299e918d2021-12-21 12:20:33.945root 11241100x8000000000000000652912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a384bd5127d7832021-12-21 12:20:33.946root 11241100x8000000000000000652913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35316659bb07b79c2021-12-21 12:20:33.946root 11241100x8000000000000000652914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b73aa364f8f48bc2021-12-21 12:20:34.443root 11241100x8000000000000000652915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe66387099db1b32021-12-21 12:20:34.443root 11241100x8000000000000000652916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9903a97180c6f22021-12-21 12:20:34.443root 11241100x8000000000000000652917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb281f0710ee1e232021-12-21 12:20:34.444root 11241100x8000000000000000652918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2633604942c1f2912021-12-21 12:20:34.444root 11241100x8000000000000000652919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e306d1dcdf9b232021-12-21 12:20:34.444root 11241100x8000000000000000652920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295e8f8dc02c08b42021-12-21 12:20:34.444root 11241100x8000000000000000652921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb1c7fc3fbfacc82021-12-21 12:20:34.444root 11241100x8000000000000000652922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de4fb6ff5ccbdaa2021-12-21 12:20:34.444root 11241100x8000000000000000652923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a648883758ad6572021-12-21 12:20:34.445root 11241100x8000000000000000652924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8bd75d5294097f2021-12-21 12:20:34.445root 11241100x8000000000000000652925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff08aebe270b5eb52021-12-21 12:20:34.445root 11241100x8000000000000000652926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7490c44ad092d5fc2021-12-21 12:20:34.445root 11241100x8000000000000000652927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7459211c0c58120b2021-12-21 12:20:34.445root 11241100x8000000000000000652928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a683ddcbf25939252021-12-21 12:20:34.446root 11241100x8000000000000000652929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53d26c995ed14df2021-12-21 12:20:34.446root 11241100x8000000000000000652930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf3fc8304eac5f22021-12-21 12:20:34.446root 11241100x8000000000000000652931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a567a22895be51c2021-12-21 12:20:34.446root 11241100x8000000000000000652932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53372909a41401de2021-12-21 12:20:34.446root 11241100x8000000000000000652933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25ad0bcc92d94be2021-12-21 12:20:34.446root 11241100x8000000000000000652934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6817e57e68d14a9e2021-12-21 12:20:34.447root 11241100x8000000000000000652935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2f488e731e6e7e2021-12-21 12:20:34.447root 11241100x8000000000000000652936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ab59c6abed2afe2021-12-21 12:20:34.943root 11241100x8000000000000000652937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f132c410118348c2021-12-21 12:20:34.943root 11241100x8000000000000000652938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4218984e3711c22d2021-12-21 12:20:34.943root 11241100x8000000000000000652939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2012b5c2156b3a8f2021-12-21 12:20:34.943root 11241100x8000000000000000652940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4890abad42ca134d2021-12-21 12:20:34.943root 11241100x8000000000000000652941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3729fe850d0d632f2021-12-21 12:20:34.944root 11241100x8000000000000000652942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045ae0799bbb40dc2021-12-21 12:20:34.944root 11241100x8000000000000000652943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2681aacc348b5882021-12-21 12:20:34.944root 11241100x8000000000000000652944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0cf3adc2411d3f2021-12-21 12:20:34.944root 11241100x8000000000000000652945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4cd303f29866dd2021-12-21 12:20:34.944root 11241100x8000000000000000652946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2968eda7b8008d822021-12-21 12:20:34.944root 11241100x8000000000000000652947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0b01e4a00f3b882021-12-21 12:20:34.944root 11241100x8000000000000000652948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bd056d23c6c9952021-12-21 12:20:34.945root 11241100x8000000000000000652949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40351be1020f8bc72021-12-21 12:20:34.946root 11241100x8000000000000000652950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4e6300b0f89ffe2021-12-21 12:20:34.946root 11241100x8000000000000000652951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7829a608a33dd3d2021-12-21 12:20:34.946root 11241100x8000000000000000652952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcdf92e22956a822021-12-21 12:20:34.946root 11241100x8000000000000000652953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1b925e1e3f83d82021-12-21 12:20:34.946root 11241100x8000000000000000652954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbe3c2707f6bdff2021-12-21 12:20:34.946root 11241100x8000000000000000652955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce702459c85453902021-12-21 12:20:34.946root 11241100x8000000000000000652956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a3c06fc862d3f62021-12-21 12:20:34.946root 11241100x8000000000000000652957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b9b4ee6af5575e2021-12-21 12:20:34.946root 11241100x8000000000000000652958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce2f95c5f0492bc2021-12-21 12:20:35.443root 11241100x8000000000000000652959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4516af2d77566e662021-12-21 12:20:35.443root 11241100x8000000000000000652960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe087118f505f1e2021-12-21 12:20:35.443root 11241100x8000000000000000652961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6935d415286ca7fc2021-12-21 12:20:35.443root 11241100x8000000000000000652962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9cb86ae90c9a382021-12-21 12:20:35.443root 11241100x8000000000000000652963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540c985eb58b2a6c2021-12-21 12:20:35.443root 11241100x8000000000000000652964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9a9a443bc19d6b2021-12-21 12:20:35.443root 11241100x8000000000000000652965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1abe18cac16aff2021-12-21 12:20:35.444root 11241100x8000000000000000652966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6167a938818128052021-12-21 12:20:35.444root 11241100x8000000000000000652967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae38c48ceb46c6a62021-12-21 12:20:35.444root 11241100x8000000000000000652968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07264ed8b8fd1c052021-12-21 12:20:35.444root 11241100x8000000000000000652969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33f4d363284b7a52021-12-21 12:20:35.444root 11241100x8000000000000000652970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1f7e2e1c44a4752021-12-21 12:20:35.445root 11241100x8000000000000000652971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25585c96d08300842021-12-21 12:20:35.445root 11241100x8000000000000000652972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b412786852a379d2021-12-21 12:20:35.445root 11241100x8000000000000000652973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0e4450e16761002021-12-21 12:20:35.445root 11241100x8000000000000000652974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e097e491b657092a2021-12-21 12:20:35.445root 11241100x8000000000000000652975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a170c0a63f5cb212021-12-21 12:20:35.445root 11241100x8000000000000000652976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029821203a9127822021-12-21 12:20:35.445root 11241100x8000000000000000652977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c56ba24ab57a7b22021-12-21 12:20:35.446root 11241100x8000000000000000652978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26343440a0f91932021-12-21 12:20:35.446root 11241100x8000000000000000652979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b462ffe91d93ec502021-12-21 12:20:35.446root 11241100x8000000000000000652980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7beb12e72ccccf2021-12-21 12:20:35.943root 11241100x8000000000000000652981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61147c0f764be7fc2021-12-21 12:20:35.943root 11241100x8000000000000000652982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9d1396a0a27cb22021-12-21 12:20:35.944root 11241100x8000000000000000652983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f80cf5d0c5fb8042021-12-21 12:20:35.944root 11241100x8000000000000000652984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff93d3ecd79983d82021-12-21 12:20:35.944root 11241100x8000000000000000652985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c319f643fc5f8c2021-12-21 12:20:35.944root 11241100x8000000000000000652986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0d802003e117272021-12-21 12:20:35.944root 11241100x8000000000000000652987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41dd92c3879f42932021-12-21 12:20:35.944root 11241100x8000000000000000652988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab45b50b644b77bc2021-12-21 12:20:35.944root 11241100x8000000000000000652989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7b9b6e23d9c3d32021-12-21 12:20:35.944root 11241100x8000000000000000652990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca9fc5e29e410732021-12-21 12:20:35.944root 11241100x8000000000000000652991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912278accfd1d01a2021-12-21 12:20:35.944root 11241100x8000000000000000652992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a9f513bbd757482021-12-21 12:20:35.944root 11241100x8000000000000000652993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6377e73c186fcdad2021-12-21 12:20:35.944root 11241100x8000000000000000652994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb03bd18b2d38bbf2021-12-21 12:20:35.945root 11241100x8000000000000000652995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cd2f06b0737abd2021-12-21 12:20:35.945root 11241100x8000000000000000652996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e1ae87e631b7fc2021-12-21 12:20:35.945root 11241100x8000000000000000652997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c673d14e35cc31d82021-12-21 12:20:35.945root 11241100x8000000000000000652998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9ba0bbfecb7a902021-12-21 12:20:35.945root 11241100x8000000000000000652999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a94ddecc373ada32021-12-21 12:20:35.945root 11241100x8000000000000000653000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a74aa771e446e12021-12-21 12:20:35.945root 11241100x8000000000000000653001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8336f92689d052972021-12-21 12:20:35.946root 11241100x8000000000000000653002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:20:36.143root 11241100x8000000000000000653003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d0989a4af83b2e2021-12-21 12:20:36.443root 11241100x8000000000000000653004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fdb5b8838be7802021-12-21 12:20:36.443root 11241100x8000000000000000653005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a18940ee95f46fa2021-12-21 12:20:36.443root 11241100x8000000000000000653006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10466423494e7e2b2021-12-21 12:20:36.443root 11241100x8000000000000000653007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211abd73f28ab6622021-12-21 12:20:36.443root 11241100x8000000000000000653008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbfd06ff6b86bf42021-12-21 12:20:36.443root 11241100x8000000000000000653009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4001539f523a69a2021-12-21 12:20:36.444root 11241100x8000000000000000653010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872758d5f0d698d42021-12-21 12:20:36.444root 11241100x8000000000000000653011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b8592bf022cd272021-12-21 12:20:36.444root 11241100x8000000000000000653012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ab2328256edd512021-12-21 12:20:36.445root 11241100x8000000000000000653013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967a1acba247fb912021-12-21 12:20:36.445root 11241100x8000000000000000653014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e01dbc4208193f2021-12-21 12:20:36.445root 11241100x8000000000000000653015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a40d0fc8038085b2021-12-21 12:20:36.445root 11241100x8000000000000000653016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09e86cc623282012021-12-21 12:20:36.445root 11241100x8000000000000000653017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55bb3ccbcc345f12021-12-21 12:20:36.445root 11241100x8000000000000000653018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17464e32c7b6780d2021-12-21 12:20:36.446root 11241100x8000000000000000653019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f649752b7a3221292021-12-21 12:20:36.446root 11241100x8000000000000000653020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08879c739d959492021-12-21 12:20:36.446root 11241100x8000000000000000653021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fbaf88a71925bd2021-12-21 12:20:36.446root 11241100x8000000000000000653022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2522980fde9d742021-12-21 12:20:36.446root 11241100x8000000000000000653023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2521b6fcdb0a48b82021-12-21 12:20:36.447root 11241100x8000000000000000653024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcfe6f8d8a8dcd72021-12-21 12:20:36.447root 11241100x8000000000000000653025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad79753cf0aafd22021-12-21 12:20:36.447root 11241100x8000000000000000653026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362c69eed25e7a4f2021-12-21 12:20:36.943root 11241100x8000000000000000653027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d3c961373a16e72021-12-21 12:20:36.943root 11241100x8000000000000000653028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ad1480a5c75ef92021-12-21 12:20:36.943root 11241100x8000000000000000653029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b13dd97a721b1e2021-12-21 12:20:36.943root 11241100x8000000000000000653030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25d2c5b4ba729842021-12-21 12:20:36.943root 11241100x8000000000000000653031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb0c12005c77f9e2021-12-21 12:20:36.944root 11241100x8000000000000000653032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc96350fd0254e82021-12-21 12:20:36.944root 11241100x8000000000000000653033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae528006894c2ef62021-12-21 12:20:36.944root 11241100x8000000000000000653034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de1b2bace50ce222021-12-21 12:20:36.944root 11241100x8000000000000000653035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984767b44d1fa1982021-12-21 12:20:36.944root 11241100x8000000000000000653036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a04d578c6ea90b2021-12-21 12:20:36.944root 11241100x8000000000000000653037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41865f2bda1a40fc2021-12-21 12:20:36.944root 11241100x8000000000000000653038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971fd65407c8479c2021-12-21 12:20:36.944root 11241100x8000000000000000653039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5e5f7518071eb32021-12-21 12:20:36.944root 11241100x8000000000000000653040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1456b97216950ae2021-12-21 12:20:36.945root 11241100x8000000000000000653041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c33a01f5d8a3032021-12-21 12:20:36.946root 11241100x8000000000000000653042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97831a338d38f782021-12-21 12:20:36.946root 11241100x8000000000000000653043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923f2e97b9a72c8e2021-12-21 12:20:36.946root 11241100x8000000000000000653044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8c99fd2a76eb272021-12-21 12:20:36.946root 11241100x8000000000000000653045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d5c4ca715ca7a52021-12-21 12:20:36.946root 11241100x8000000000000000653046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4d8e6b1292cb952021-12-21 12:20:36.946root 11241100x8000000000000000653047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd3121400f3e3632021-12-21 12:20:36.947root 11241100x8000000000000000653048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692be05d8057ed522021-12-21 12:20:36.947root 11241100x8000000000000000653049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0295931aeac6c202021-12-21 12:20:36.947root 11241100x8000000000000000653050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57edd167adb400772021-12-21 12:20:36.947root 11241100x8000000000000000653051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8592f375c86496672021-12-21 12:20:36.947root 11241100x8000000000000000653052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b190537d46108ef72021-12-21 12:20:36.947root 11241100x8000000000000000653053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78359c8e53b81fe2021-12-21 12:20:36.947root 11241100x8000000000000000653054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff802875081bdc12021-12-21 12:20:36.948root 11241100x8000000000000000653055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685311960f7502aa2021-12-21 12:20:36.948root 11241100x8000000000000000653056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a705e9c0402d7d652021-12-21 12:20:36.948root 11241100x8000000000000000653057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bd9c8b45e500f12021-12-21 12:20:36.948root 354300x8000000000000000653058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.012{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49850-false10.0.1.12-8000- 11241100x8000000000000000653059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603c21926c5788fc2021-12-21 12:20:37.443root 11241100x8000000000000000653060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f198f908efd79852021-12-21 12:20:37.443root 11241100x8000000000000000653061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec1f2ceb32fef9f2021-12-21 12:20:37.443root 11241100x8000000000000000653062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08352cbed01518152021-12-21 12:20:37.443root 11241100x8000000000000000653063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfa4a2ef9fd963b2021-12-21 12:20:37.443root 11241100x8000000000000000653064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f456c8ed7598d6642021-12-21 12:20:37.443root 11241100x8000000000000000653065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023892e07165adde2021-12-21 12:20:37.443root 11241100x8000000000000000653066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb6844e0cc9b0e02021-12-21 12:20:37.443root 11241100x8000000000000000653067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c9b0e0d671afaa2021-12-21 12:20:37.444root 11241100x8000000000000000653068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45572d4f0ae707f62021-12-21 12:20:37.444root 11241100x8000000000000000653069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963ed1e26efceeef2021-12-21 12:20:37.444root 11241100x8000000000000000653070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c82a36e4d300712021-12-21 12:20:37.444root 11241100x8000000000000000653071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09b4174564874542021-12-21 12:20:37.444root 11241100x8000000000000000653072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360947ad940431962021-12-21 12:20:37.445root 11241100x8000000000000000653073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66b7b075e2611382021-12-21 12:20:37.445root 11241100x8000000000000000653074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645cde9c7d4b52e72021-12-21 12:20:37.445root 11241100x8000000000000000653075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31531fd8f50a3db72021-12-21 12:20:37.445root 11241100x8000000000000000653076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1379880ba20efdf2021-12-21 12:20:37.445root 11241100x8000000000000000653077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b913dfb5d713481f2021-12-21 12:20:37.445root 11241100x8000000000000000653078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9c865f0f7746572021-12-21 12:20:37.445root 11241100x8000000000000000653079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867716519bd299962021-12-21 12:20:37.445root 11241100x8000000000000000653080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475f7605500f24bf2021-12-21 12:20:37.445root 11241100x8000000000000000653081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d560652c72d679f2021-12-21 12:20:37.445root 11241100x8000000000000000653082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0991f982c7dd57502021-12-21 12:20:37.445root 11241100x8000000000000000653083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b0764e44b03d5d2021-12-21 12:20:37.445root 11241100x8000000000000000653084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afe209e35404e0e2021-12-21 12:20:37.943root 11241100x8000000000000000653085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0da62531b5bdbb2021-12-21 12:20:37.943root 11241100x8000000000000000653086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efbd89d40bb75a12021-12-21 12:20:37.943root 11241100x8000000000000000653087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ded068ba9e4d612021-12-21 12:20:37.943root 11241100x8000000000000000653088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbaf2ae4a3406972021-12-21 12:20:37.944root 11241100x8000000000000000653089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4451fe8e428e05212021-12-21 12:20:37.944root 11241100x8000000000000000653090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bb189cf57960ac2021-12-21 12:20:37.944root 11241100x8000000000000000653091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012fb48bb08c2e6f2021-12-21 12:20:37.944root 11241100x8000000000000000653092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b6d241913ab6242021-12-21 12:20:37.944root 11241100x8000000000000000653093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c935f551bd7c3af2021-12-21 12:20:37.944root 11241100x8000000000000000653094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb563d0a8a8281d92021-12-21 12:20:37.944root 11241100x8000000000000000653095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0337f7732277b6e52021-12-21 12:20:37.944root 11241100x8000000000000000653096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb536d22516a9c02021-12-21 12:20:37.944root 11241100x8000000000000000653097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c4c94a896f28762021-12-21 12:20:37.944root 11241100x8000000000000000653098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adeee734461ba9d62021-12-21 12:20:37.944root 11241100x8000000000000000653099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869fc0bb2404d8772021-12-21 12:20:37.944root 11241100x8000000000000000653100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2a80f9d405f6a02021-12-21 12:20:37.945root 11241100x8000000000000000653101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b6c1b7cbf13dc42021-12-21 12:20:37.945root 11241100x8000000000000000653102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea57fa72a5751ac62021-12-21 12:20:37.945root 11241100x8000000000000000653103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51af8ce055c6781f2021-12-21 12:20:37.945root 11241100x8000000000000000653104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58e6616501ad6522021-12-21 12:20:37.945root 11241100x8000000000000000653105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d1475587e1121b2021-12-21 12:20:37.945root 11241100x8000000000000000653106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f87c655169fdf0f2021-12-21 12:20:37.945root 11241100x8000000000000000653107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6401a7da23afe3742021-12-21 12:20:37.945root 11241100x8000000000000000653108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010f4cdcf16196c72021-12-21 12:20:38.443root 11241100x8000000000000000653109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ac11757d405c352021-12-21 12:20:38.443root 11241100x8000000000000000653110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d77ee0ff8da38a12021-12-21 12:20:38.444root 11241100x8000000000000000653111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a19b9018e9ccc32021-12-21 12:20:38.444root 11241100x8000000000000000653112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01871f41f72f8f632021-12-21 12:20:38.444root 11241100x8000000000000000653113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb37e3f803e4713c2021-12-21 12:20:38.444root 11241100x8000000000000000653114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ce2e88d34561632021-12-21 12:20:38.444root 11241100x8000000000000000653115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d2a1a8487914ab2021-12-21 12:20:38.444root 11241100x8000000000000000653116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e84935b915a0512021-12-21 12:20:38.444root 11241100x8000000000000000653117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101d5d1a97b3ba302021-12-21 12:20:38.444root 11241100x8000000000000000653118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fc51fe6e6cba532021-12-21 12:20:38.444root 11241100x8000000000000000653119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37208ff079b6e2b2021-12-21 12:20:38.444root 11241100x8000000000000000653120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1319111f7d58ece2021-12-21 12:20:38.445root 11241100x8000000000000000653121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abe3ff4d914aac62021-12-21 12:20:38.445root 11241100x8000000000000000653122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baae2ec09309d4c22021-12-21 12:20:38.445root 11241100x8000000000000000653123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f876cb819c37c12021-12-21 12:20:38.445root 11241100x8000000000000000653124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc38f4296a09d5792021-12-21 12:20:38.445root 11241100x8000000000000000653125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57833faefad5907d2021-12-21 12:20:38.445root 11241100x8000000000000000653126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe97a782f4a9b262021-12-21 12:20:38.445root 11241100x8000000000000000653127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9dd8cf2c6d66b12021-12-21 12:20:38.445root 11241100x8000000000000000653128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6937a0b556b53b2021-12-21 12:20:38.445root 11241100x8000000000000000653129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e11660b3a526b452021-12-21 12:20:38.445root 11241100x8000000000000000653130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f5515e172709d82021-12-21 12:20:38.445root 11241100x8000000000000000653131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03906b50c753105a2021-12-21 12:20:38.445root 11241100x8000000000000000653132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdda1d9d597cd2cc2021-12-21 12:20:38.943root 11241100x8000000000000000653133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8566a99266423d2021-12-21 12:20:38.943root 11241100x8000000000000000653134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a997cdf2ba281a0b2021-12-21 12:20:38.943root 11241100x8000000000000000653135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380f340837e48f892021-12-21 12:20:38.943root 11241100x8000000000000000653136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a61a980fa3e86a2021-12-21 12:20:38.944root 11241100x8000000000000000653137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7460029593739502021-12-21 12:20:38.944root 11241100x8000000000000000653138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5904d727d8dcdff92021-12-21 12:20:38.944root 11241100x8000000000000000653139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bffe056fc7bf2a32021-12-21 12:20:38.944root 11241100x8000000000000000653140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447acbb9101388932021-12-21 12:20:38.944root 11241100x8000000000000000653141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3f0f12dcca11af2021-12-21 12:20:38.944root 11241100x8000000000000000653142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5db1fdd74c22142021-12-21 12:20:38.944root 11241100x8000000000000000653143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e116cd4cb3775c62021-12-21 12:20:38.944root 11241100x8000000000000000653144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8bba47e9d1dcbaa2021-12-21 12:20:38.944root 11241100x8000000000000000653145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddcd91e977667952021-12-21 12:20:38.944root 11241100x8000000000000000653146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84f7b2615dfdb012021-12-21 12:20:38.944root 11241100x8000000000000000653147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedc667b3068b65e2021-12-21 12:20:38.944root 11241100x8000000000000000653148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2710486748fb9342021-12-21 12:20:38.944root 11241100x8000000000000000653149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037764bcb67c0a212021-12-21 12:20:38.944root 11241100x8000000000000000653150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff00e3be16dacd62021-12-21 12:20:38.944root 11241100x8000000000000000653151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12088e935a79f9032021-12-21 12:20:38.944root 11241100x8000000000000000653152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee112447c8ed7132021-12-21 12:20:38.945root 11241100x8000000000000000653153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366617d7169e5d132021-12-21 12:20:38.945root 11241100x8000000000000000653154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd69f7dbb1968922021-12-21 12:20:38.945root 11241100x8000000000000000653155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adc1829a63fad1f2021-12-21 12:20:38.945root 23542300x8000000000000000653156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.145{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000653157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac049ece7e2fb1ae2021-12-21 12:20:39.443root 11241100x8000000000000000653158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccef1545b267a9d2021-12-21 12:20:39.443root 11241100x8000000000000000653159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cab05a719a52fc2021-12-21 12:20:39.444root 11241100x8000000000000000653160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ae5bba2412b9172021-12-21 12:20:39.444root 11241100x8000000000000000653161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113abd8a320624f32021-12-21 12:20:39.444root 11241100x8000000000000000653162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f76c7c32bd616472021-12-21 12:20:39.444root 11241100x8000000000000000653163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfd6c6e00a03d712021-12-21 12:20:39.444root 11241100x8000000000000000653164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ddb94166b5670d2021-12-21 12:20:39.444root 11241100x8000000000000000653165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b1dc3b324e8e9d2021-12-21 12:20:39.444root 11241100x8000000000000000653166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9702db2f02f6057b2021-12-21 12:20:39.444root 11241100x8000000000000000653167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49423a92cf765bd22021-12-21 12:20:39.444root 11241100x8000000000000000653168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde95ba80bf7711a2021-12-21 12:20:39.444root 11241100x8000000000000000653169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfd932d82bf5a022021-12-21 12:20:39.444root 11241100x8000000000000000653170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6539ed4e566936032021-12-21 12:20:39.445root 11241100x8000000000000000653171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c92a5b7ad3920a2021-12-21 12:20:39.445root 11241100x8000000000000000653172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d24b036fb69fc42021-12-21 12:20:39.445root 11241100x8000000000000000653173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364534f0f7531ec72021-12-21 12:20:39.445root 11241100x8000000000000000653174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6c40cb0a3825202021-12-21 12:20:39.445root 11241100x8000000000000000653175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12589b064840c4a32021-12-21 12:20:39.445root 11241100x8000000000000000653176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144df6c247b0af5b2021-12-21 12:20:39.445root 11241100x8000000000000000653177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb1891b666a2def2021-12-21 12:20:39.445root 11241100x8000000000000000653178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345d7f5357672c352021-12-21 12:20:39.445root 11241100x8000000000000000653179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dff6e018559f5e2021-12-21 12:20:39.445root 11241100x8000000000000000653180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80987e351ad9ccb02021-12-21 12:20:39.445root 11241100x8000000000000000653181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8373de90c48e65d92021-12-21 12:20:39.445root 11241100x8000000000000000653182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2572ac99dc7e862021-12-21 12:20:39.943root 11241100x8000000000000000653183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e5f7304dc606402021-12-21 12:20:39.943root 11241100x8000000000000000653184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebe110ebf246f142021-12-21 12:20:39.943root 11241100x8000000000000000653185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe6dae25024863a2021-12-21 12:20:39.943root 11241100x8000000000000000653186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4489545cfb2d652021-12-21 12:20:39.944root 11241100x8000000000000000653187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee88940bba7f32e2021-12-21 12:20:39.944root 11241100x8000000000000000653188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dfbe09f25944aa2021-12-21 12:20:39.944root 11241100x8000000000000000653189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23256f87c3a3eb6b2021-12-21 12:20:39.944root 11241100x8000000000000000653190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ef19267e16c8f32021-12-21 12:20:39.944root 11241100x8000000000000000653191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b76bb79b2c6f6d72021-12-21 12:20:39.944root 11241100x8000000000000000653192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13152ce64faa3422021-12-21 12:20:39.944root 11241100x8000000000000000653193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef7a44cd5775a072021-12-21 12:20:39.944root 11241100x8000000000000000653194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b57e2a5a31d7cf12021-12-21 12:20:39.944root 11241100x8000000000000000653195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fc140d81a8f8f12021-12-21 12:20:39.944root 11241100x8000000000000000653196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194fe26ba0de32a32021-12-21 12:20:39.944root 11241100x8000000000000000653197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d961612b33df12e02021-12-21 12:20:39.944root 11241100x8000000000000000653198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cbd419cd76efe32021-12-21 12:20:39.944root 11241100x8000000000000000653199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff0ee49af9aaf5e2021-12-21 12:20:39.944root 11241100x8000000000000000653200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db1eafe9a0a7a2c2021-12-21 12:20:39.944root 11241100x8000000000000000653201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1308d6cb4135ed32021-12-21 12:20:39.944root 11241100x8000000000000000653202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96e0b1d88d207812021-12-21 12:20:39.945root 11241100x8000000000000000653203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d6e2a967809b2e2021-12-21 12:20:39.945root 11241100x8000000000000000653204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace9952f1f4589f12021-12-21 12:20:39.945root 11241100x8000000000000000653205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c221c8b1a94b3bc2021-12-21 12:20:39.945root 11241100x8000000000000000653206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d5f8ae15218a792021-12-21 12:20:39.945root 11241100x8000000000000000653207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9639716a72711e4d2021-12-21 12:20:39.945root 11241100x8000000000000000653208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a03277e7a5dcb0e2021-12-21 12:20:39.945root 11241100x8000000000000000653209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1176860fa6d51f482021-12-21 12:20:39.945root 11241100x8000000000000000653210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331089a490aed0ff2021-12-21 12:20:39.945root 11241100x8000000000000000653211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865391afa529b3022021-12-21 12:20:39.946root 11241100x8000000000000000653212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658ba5e50c72cbc22021-12-21 12:20:39.946root 11241100x8000000000000000653213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71e6d92b40404c62021-12-21 12:20:39.946root 11241100x8000000000000000653214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b00be419419d922021-12-21 12:20:39.946root 11241100x8000000000000000653215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125fb058febc258e2021-12-21 12:20:40.443root 11241100x8000000000000000653216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4ae521b11612322021-12-21 12:20:40.443root 11241100x8000000000000000653217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d58a9fcedca7b7e2021-12-21 12:20:40.443root 11241100x8000000000000000653218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2d87f359e088812021-12-21 12:20:40.443root 11241100x8000000000000000653219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211f6f107b13d1472021-12-21 12:20:40.443root 11241100x8000000000000000653220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d0b4c5d44366302021-12-21 12:20:40.443root 11241100x8000000000000000653221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d991488470edb402021-12-21 12:20:40.444root 11241100x8000000000000000653222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2538f5cb040801f42021-12-21 12:20:40.444root 11241100x8000000000000000653223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7315d3131d641efe2021-12-21 12:20:40.444root 11241100x8000000000000000653224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13e93c02ea1f0fe2021-12-21 12:20:40.444root 11241100x8000000000000000653225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0f18e7e5de74f62021-12-21 12:20:40.444root 11241100x8000000000000000653226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9b17908c9363e82021-12-21 12:20:40.444root 11241100x8000000000000000653227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca108a58220821782021-12-21 12:20:40.444root 11241100x8000000000000000653228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d44991ba2733a72021-12-21 12:20:40.444root 11241100x8000000000000000653229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7dac34e20f2a7d2021-12-21 12:20:40.445root 11241100x8000000000000000653230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48dfd72ca11bafb2021-12-21 12:20:40.445root 11241100x8000000000000000653231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c269ddfd3626862021-12-21 12:20:40.445root 11241100x8000000000000000653232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b94c3a32f0f24e2021-12-21 12:20:40.445root 11241100x8000000000000000653233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62aec45977e9f182021-12-21 12:20:40.445root 11241100x8000000000000000653234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5adb75bcbad5aa2021-12-21 12:20:40.445root 11241100x8000000000000000653235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866e8dbb9da53d5f2021-12-21 12:20:40.445root 11241100x8000000000000000653236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6553314bd3a50202021-12-21 12:20:40.445root 11241100x8000000000000000653237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0c318dffe8b0ec2021-12-21 12:20:40.446root 11241100x8000000000000000653238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11932e9159c0ba7f2021-12-21 12:20:40.446root 11241100x8000000000000000653239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d230a9b12da03ae02021-12-21 12:20:40.446root 11241100x8000000000000000653240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e408fece0ef05722021-12-21 12:20:40.942root 11241100x8000000000000000653241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d0d8fc03ae84d32021-12-21 12:20:40.943root 11241100x8000000000000000653242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3aef904fe84857f2021-12-21 12:20:40.943root 11241100x8000000000000000653243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc2028695af8e0d2021-12-21 12:20:40.943root 11241100x8000000000000000653244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b108ba4a29f6472021-12-21 12:20:40.943root 11241100x8000000000000000653245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b756acb4c4bdbbe22021-12-21 12:20:40.943root 11241100x8000000000000000653246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c2ee4f5b93559d2021-12-21 12:20:40.943root 11241100x8000000000000000653247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dfe94d1593d0522021-12-21 12:20:40.944root 11241100x8000000000000000653248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0906027accccf5c42021-12-21 12:20:40.944root 11241100x8000000000000000653249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ced77ccf9ac3e42021-12-21 12:20:40.944root 11241100x8000000000000000653250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9b670b4feffbbb2021-12-21 12:20:40.944root 11241100x8000000000000000653251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84027f70b4b16bb2021-12-21 12:20:40.944root 11241100x8000000000000000653252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24d8e83ca9feb3e2021-12-21 12:20:40.944root 11241100x8000000000000000653253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f5e3c9eaf08b7f2021-12-21 12:20:40.944root 11241100x8000000000000000653254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75024c7f1c390bc2021-12-21 12:20:40.945root 11241100x8000000000000000653255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4abfd70ec8561d72021-12-21 12:20:40.945root 11241100x8000000000000000653256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e422c55242027c2021-12-21 12:20:40.945root 11241100x8000000000000000653257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f4ba3be68b55762021-12-21 12:20:40.945root 11241100x8000000000000000653258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3f3da4e60d575b2021-12-21 12:20:40.945root 11241100x8000000000000000653259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a622ee25c25afe4c2021-12-21 12:20:40.945root 11241100x8000000000000000653260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a00550b5c9a17a2021-12-21 12:20:40.946root 11241100x8000000000000000653261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d459becf3d6a1752021-12-21 12:20:40.946root 11241100x8000000000000000653262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e90d233a93f9e4d2021-12-21 12:20:40.946root 11241100x8000000000000000653263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2673a6417b6af7aa2021-12-21 12:20:40.946root 11241100x8000000000000000653264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9c0956552deba92021-12-21 12:20:40.946root 11241100x8000000000000000653265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6109add94a3337652021-12-21 12:20:40.947root 11241100x8000000000000000653266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55eb8a78491b8f772021-12-21 12:20:40.947root 11241100x8000000000000000653267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a3551b0eb5e9302021-12-21 12:20:40.947root 11241100x8000000000000000653268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afcb44d83e4067b2021-12-21 12:20:41.443root 11241100x8000000000000000653269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db258c443e1015282021-12-21 12:20:41.443root 11241100x8000000000000000653270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e73b0ad681b68eb2021-12-21 12:20:41.443root 11241100x8000000000000000653271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c3db2f8f83374d2021-12-21 12:20:41.444root 11241100x8000000000000000653272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fede5d0711a192962021-12-21 12:20:41.444root 11241100x8000000000000000653273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba37133aab7b05d2021-12-21 12:20:41.444root 11241100x8000000000000000653274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314227cff60551942021-12-21 12:20:41.444root 11241100x8000000000000000653275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555e1dc39ca08fed2021-12-21 12:20:41.444root 11241100x8000000000000000653276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871ce00456143af02021-12-21 12:20:41.444root 11241100x8000000000000000653277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842e4ccc83e344392021-12-21 12:20:41.445root 11241100x8000000000000000653278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8cf1b381b7a90c2021-12-21 12:20:41.445root 11241100x8000000000000000653279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124f57eda66603442021-12-21 12:20:41.445root 11241100x8000000000000000653280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103133696e0c34292021-12-21 12:20:41.445root 11241100x8000000000000000653281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461507844e12eb242021-12-21 12:20:41.445root 11241100x8000000000000000653282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a7b705af3d172e2021-12-21 12:20:41.445root 11241100x8000000000000000653283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3027fa7814ed1dee2021-12-21 12:20:41.445root 11241100x8000000000000000653284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b79c751362483d62021-12-21 12:20:41.445root 11241100x8000000000000000653285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d00c76b6993a332021-12-21 12:20:41.446root 11241100x8000000000000000653286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3b19cb778a59282021-12-21 12:20:41.446root 11241100x8000000000000000653287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d67fe9ec99874932021-12-21 12:20:41.446root 11241100x8000000000000000653288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a574da528d2ce262021-12-21 12:20:41.446root 11241100x8000000000000000653289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0823a3d3e483b6702021-12-21 12:20:41.446root 11241100x8000000000000000653290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762e36ee2fc714f82021-12-21 12:20:41.447root 11241100x8000000000000000653291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1895589e9f6986162021-12-21 12:20:41.447root 11241100x8000000000000000653292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bac372900118e492021-12-21 12:20:41.447root 11241100x8000000000000000653293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25930b11c33200852021-12-21 12:20:41.942root 11241100x8000000000000000653294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1819ee38d5af972021-12-21 12:20:41.943root 11241100x8000000000000000653295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656278aafdcfbc592021-12-21 12:20:41.943root 11241100x8000000000000000653296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eada75a8d5e1192021-12-21 12:20:41.943root 11241100x8000000000000000653297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f008dcd52917b10c2021-12-21 12:20:41.943root 11241100x8000000000000000653298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b64ae6b05f42da2021-12-21 12:20:41.944root 11241100x8000000000000000653299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70058792e1b7ef92021-12-21 12:20:41.944root 11241100x8000000000000000653300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4074c09c9e36c3f92021-12-21 12:20:41.944root 11241100x8000000000000000653301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc195f8f54212f32021-12-21 12:20:41.944root 11241100x8000000000000000653302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a7e75803bb1f6b2021-12-21 12:20:41.944root 11241100x8000000000000000653303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e301cbad05591d2b2021-12-21 12:20:41.944root 11241100x8000000000000000653304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567dd031c2afd2a32021-12-21 12:20:41.944root 11241100x8000000000000000653305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d56e471b62a8f12021-12-21 12:20:41.945root 11241100x8000000000000000653306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4899692b2d450012021-12-21 12:20:41.945root 11241100x8000000000000000653307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f406f150cd7f692021-12-21 12:20:41.945root 11241100x8000000000000000653308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fe9f25e72dbc0c2021-12-21 12:20:41.945root 11241100x8000000000000000653309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e20d65889e0b892021-12-21 12:20:41.945root 11241100x8000000000000000653310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f396f713ca7ba5d2021-12-21 12:20:41.945root 11241100x8000000000000000653311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f875f6173d1cb4b2021-12-21 12:20:41.945root 11241100x8000000000000000653312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94288640ec7e2f12021-12-21 12:20:41.945root 11241100x8000000000000000653313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56bb81f71a1e3632021-12-21 12:20:41.946root 11241100x8000000000000000653314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7d066209672d2f2021-12-21 12:20:41.946root 11241100x8000000000000000653315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb6edbc41ab73662021-12-21 12:20:41.946root 11241100x8000000000000000653316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97cd9b10ccf1bc42021-12-21 12:20:41.946root 11241100x8000000000000000653317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18055fca4ccf91632021-12-21 12:20:41.946root 11241100x8000000000000000653318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a03721822398102021-12-21 12:20:41.947root 354300x8000000000000000653319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.100{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49852-false10.0.1.12-8000- 11241100x8000000000000000653320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfc4542f450eef62021-12-21 12:20:42.443root 11241100x8000000000000000653321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d3c117d1aba64d2021-12-21 12:20:42.443root 11241100x8000000000000000653322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c06532242bcf2d02021-12-21 12:20:42.443root 11241100x8000000000000000653323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886243acd6cae6b92021-12-21 12:20:42.443root 11241100x8000000000000000653324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8963e59c0d2a76c92021-12-21 12:20:42.444root 11241100x8000000000000000653325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b532e697bf5daebf2021-12-21 12:20:42.444root 11241100x8000000000000000653326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a008b99862296b2021-12-21 12:20:42.444root 11241100x8000000000000000653327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3984d6b20dd76ed22021-12-21 12:20:42.444root 11241100x8000000000000000653328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c807b390af06de2021-12-21 12:20:42.444root 11241100x8000000000000000653329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d632a291e9e97bb2021-12-21 12:20:42.444root 11241100x8000000000000000653330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0c5864422b3ef12021-12-21 12:20:42.444root 11241100x8000000000000000653331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76744b1683ebc5f2021-12-21 12:20:42.444root 11241100x8000000000000000653332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a774aef80efbb8c2021-12-21 12:20:42.444root 11241100x8000000000000000653333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4125b3344c297fc2021-12-21 12:20:42.444root 11241100x8000000000000000653334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01072e61b77a524a2021-12-21 12:20:42.444root 11241100x8000000000000000653335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468c662ff7d7f05c2021-12-21 12:20:42.444root 11241100x8000000000000000653336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abf74ee233996a92021-12-21 12:20:42.445root 11241100x8000000000000000653337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9f21486c40d0ec2021-12-21 12:20:42.445root 11241100x8000000000000000653338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23516c91bdb63dd12021-12-21 12:20:42.445root 11241100x8000000000000000653339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5613625f84d0770a2021-12-21 12:20:42.445root 11241100x8000000000000000653340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4d695c186e11192021-12-21 12:20:42.445root 11241100x8000000000000000653341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfd8ad20be666ee2021-12-21 12:20:42.445root 11241100x8000000000000000653342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f08f0e5249ed712021-12-21 12:20:42.445root 11241100x8000000000000000653343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56c41d6b31f5bcb2021-12-21 12:20:42.446root 11241100x8000000000000000653344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d597e49e1e5eb792021-12-21 12:20:42.447root 11241100x8000000000000000653345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d6e600d7376f5a2021-12-21 12:20:42.447root 11241100x8000000000000000653346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf84562b46e368a62021-12-21 12:20:42.943root 11241100x8000000000000000653347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9c9952c122d6912021-12-21 12:20:42.943root 11241100x8000000000000000653348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb213affe66f64f2021-12-21 12:20:42.944root 11241100x8000000000000000653349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc20a28a38eb7d612021-12-21 12:20:42.944root 11241100x8000000000000000653350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1facbc0d518b322021-12-21 12:20:42.944root 11241100x8000000000000000653351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ff084d498b531a2021-12-21 12:20:42.945root 11241100x8000000000000000653352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad39a49a5099c1882021-12-21 12:20:42.945root 11241100x8000000000000000653353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609fed8a5695acad2021-12-21 12:20:42.945root 11241100x8000000000000000653354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a91e4845ee471f2021-12-21 12:20:42.945root 11241100x8000000000000000653355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37321109cbc3e492021-12-21 12:20:42.945root 11241100x8000000000000000653356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1e1d5b31cd81612021-12-21 12:20:42.945root 11241100x8000000000000000653357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5996b510a7e9252021-12-21 12:20:42.946root 11241100x8000000000000000653358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf713b495cac3b32021-12-21 12:20:42.946root 11241100x8000000000000000653359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a6757457de8b572021-12-21 12:20:42.946root 11241100x8000000000000000653360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0e6dc94f8ff9f62021-12-21 12:20:42.946root 11241100x8000000000000000653361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35a69ae1dc177932021-12-21 12:20:42.947root 11241100x8000000000000000653362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb58454ca43a53c2021-12-21 12:20:42.947root 11241100x8000000000000000653363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0badc3bfbb6fe402021-12-21 12:20:42.947root 11241100x8000000000000000653364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856dec689eb40a662021-12-21 12:20:42.947root 11241100x8000000000000000653365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fc331124146fad2021-12-21 12:20:42.947root 11241100x8000000000000000653366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca1ec97673680772021-12-21 12:20:42.947root 11241100x8000000000000000653367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eb0a607bdc03b82021-12-21 12:20:42.947root 11241100x8000000000000000653368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977d32bbd97b88a02021-12-21 12:20:42.947root 11241100x8000000000000000653369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d618adc5826c902021-12-21 12:20:42.947root 11241100x8000000000000000653370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915d82404261655d2021-12-21 12:20:42.948root 11241100x8000000000000000653371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eaa8cee1b8f8dde2021-12-21 12:20:42.948root 11241100x8000000000000000653372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32dabdf61952b8082021-12-21 12:20:42.948root 11241100x8000000000000000653373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50a063259ddb3292021-12-21 12:20:43.443root 11241100x8000000000000000653374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ca3e98a1c0a1a32021-12-21 12:20:43.443root 11241100x8000000000000000653375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c35eed209b66a32021-12-21 12:20:43.443root 11241100x8000000000000000653376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04fea2c425714212021-12-21 12:20:43.444root 11241100x8000000000000000653377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12e3fd7c3f8586c2021-12-21 12:20:43.444root 11241100x8000000000000000653378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154fe5be1145e33b2021-12-21 12:20:43.444root 11241100x8000000000000000653379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba3abedd899a03f2021-12-21 12:20:43.445root 11241100x8000000000000000653380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f74c85dcba91352021-12-21 12:20:43.445root 11241100x8000000000000000653381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9caba15c8c97732021-12-21 12:20:43.445root 11241100x8000000000000000653382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c00bdf7f0538ef42021-12-21 12:20:43.445root 11241100x8000000000000000653383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfcb941a321304c2021-12-21 12:20:43.445root 11241100x8000000000000000653384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62e88f8eb60b1bc2021-12-21 12:20:43.445root 11241100x8000000000000000653385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f61c615f4f6bcfd2021-12-21 12:20:43.445root 11241100x8000000000000000653386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d026eda3f610f2a12021-12-21 12:20:43.445root 11241100x8000000000000000653387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cdaaa9eecf7c312021-12-21 12:20:43.447root 11241100x8000000000000000653388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d827cef5435adbdd2021-12-21 12:20:43.447root 11241100x8000000000000000653389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb34ddae7d0828952021-12-21 12:20:43.447root 11241100x8000000000000000653390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6347266fc5c614d02021-12-21 12:20:43.447root 11241100x8000000000000000653391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd700a25055436f2021-12-21 12:20:43.448root 11241100x8000000000000000653392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94083f14be887f022021-12-21 12:20:43.448root 11241100x8000000000000000653393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe6160dd10e2d9f2021-12-21 12:20:43.448root 11241100x8000000000000000653394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c4d4830626a7bb2021-12-21 12:20:43.448root 11241100x8000000000000000653395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac69c31d29a4f69a2021-12-21 12:20:43.448root 11241100x8000000000000000653396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260f0e6570964f302021-12-21 12:20:43.448root 11241100x8000000000000000653397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dfb3a6565f5e0f2021-12-21 12:20:43.448root 11241100x8000000000000000653398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5fffcaf485c4e12021-12-21 12:20:43.448root 11241100x8000000000000000653399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a397f3d259512372021-12-21 12:20:43.943root 11241100x8000000000000000653400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6aae86b83b88cc52021-12-21 12:20:43.943root 11241100x8000000000000000653401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16aecb0b3a2cfcac2021-12-21 12:20:43.943root 11241100x8000000000000000653402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37d0556ba8494db2021-12-21 12:20:43.943root 11241100x8000000000000000653403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0ec4ef4408abc52021-12-21 12:20:43.944root 11241100x8000000000000000653404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f0639fb09bfd152021-12-21 12:20:43.944root 11241100x8000000000000000653405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d8299eaedbce672021-12-21 12:20:43.944root 11241100x8000000000000000653406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57328ec48f9a8222021-12-21 12:20:43.944root 11241100x8000000000000000653407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafa2bcd21c81d212021-12-21 12:20:43.944root 11241100x8000000000000000653408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227b9e78cff2c1842021-12-21 12:20:43.944root 11241100x8000000000000000653409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0f8ab83ac99bcb2021-12-21 12:20:43.944root 11241100x8000000000000000653410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d732b7bd72c4c52021-12-21 12:20:43.944root 11241100x8000000000000000653411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25cd42f145f06932021-12-21 12:20:43.944root 11241100x8000000000000000653412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3d20b4889242672021-12-21 12:20:43.944root 11241100x8000000000000000653413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac9581fda042f492021-12-21 12:20:43.944root 11241100x8000000000000000653414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f43c00e3aa054a42021-12-21 12:20:43.944root 11241100x8000000000000000653415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97122d1a7ba393b2021-12-21 12:20:43.944root 11241100x8000000000000000653416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e67e80ed5a9d4d2021-12-21 12:20:43.945root 11241100x8000000000000000653417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cebf0d0ee5f6fa2021-12-21 12:20:43.945root 11241100x8000000000000000653418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88d760318d68abe2021-12-21 12:20:43.945root 11241100x8000000000000000653419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad637e0e51827522021-12-21 12:20:43.945root 11241100x8000000000000000653420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9578b435c7e36e372021-12-21 12:20:43.945root 11241100x8000000000000000653421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61bb6508fa6318c2021-12-21 12:20:43.945root 11241100x8000000000000000653422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7779b96193a605012021-12-21 12:20:43.945root 11241100x8000000000000000653423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb6e65fe1b3f2282021-12-21 12:20:43.945root 11241100x8000000000000000653424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64290693dc1ceb82021-12-21 12:20:43.945root 11241100x8000000000000000653425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c45275c66b0ae6e2021-12-21 12:20:44.443root 11241100x8000000000000000653426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cff70fc0699a3b72021-12-21 12:20:44.443root 11241100x8000000000000000653427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43b100b1d66303d2021-12-21 12:20:44.443root 11241100x8000000000000000653428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18827559e92bb61c2021-12-21 12:20:44.443root 11241100x8000000000000000653429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810297d304d68cc12021-12-21 12:20:44.443root 11241100x8000000000000000653430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898d3485b25d91742021-12-21 12:20:44.443root 11241100x8000000000000000653431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a80c47766d254c92021-12-21 12:20:44.443root 11241100x8000000000000000653432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1254fb718b624d2021-12-21 12:20:44.443root 11241100x8000000000000000653433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52c687da10ed4c22021-12-21 12:20:44.443root 11241100x8000000000000000653434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c940fc65e08693d2021-12-21 12:20:44.444root 11241100x8000000000000000653435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6439a43fa5a807d2021-12-21 12:20:44.444root 11241100x8000000000000000653436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31117738e60a2fb62021-12-21 12:20:44.444root 11241100x8000000000000000653437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62030379211ebb542021-12-21 12:20:44.444root 11241100x8000000000000000653438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c811baf8c78e6502021-12-21 12:20:44.444root 11241100x8000000000000000653439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17006eb8d2cba29c2021-12-21 12:20:44.444root 11241100x8000000000000000653440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b8c738b3ed21982021-12-21 12:20:44.444root 11241100x8000000000000000653441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9583fdb6e8aa0972021-12-21 12:20:44.444root 11241100x8000000000000000653442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6601158a2f2e6eb2021-12-21 12:20:44.444root 11241100x8000000000000000653443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66296fbdc03d0acb2021-12-21 12:20:44.444root 11241100x8000000000000000653444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf8016867a52d4b2021-12-21 12:20:44.444root 11241100x8000000000000000653445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b538d253ed6b272021-12-21 12:20:44.445root 11241100x8000000000000000653446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d83b7d1220cf8122021-12-21 12:20:44.445root 11241100x8000000000000000653447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ecda272635e4792021-12-21 12:20:44.445root 11241100x8000000000000000653448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23805b71e4ce02c52021-12-21 12:20:44.445root 11241100x8000000000000000653449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abd0d8b606193a12021-12-21 12:20:44.445root 11241100x8000000000000000653450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c41a8f8a30cf702021-12-21 12:20:44.445root 11241100x8000000000000000653451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07208b4f1666eed2021-12-21 12:20:44.445root 11241100x8000000000000000653452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198cc063ff788d972021-12-21 12:20:44.943root 11241100x8000000000000000653453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57429faf68fa315b2021-12-21 12:20:44.943root 11241100x8000000000000000653454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0961ce1f3e42ee2021-12-21 12:20:44.943root 11241100x8000000000000000653455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f10ffe18dc117a2021-12-21 12:20:44.943root 11241100x8000000000000000653456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f09e05ef22761ff2021-12-21 12:20:44.943root 11241100x8000000000000000653457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f013848d6c234d662021-12-21 12:20:44.943root 11241100x8000000000000000653458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2712b77075e24f802021-12-21 12:20:44.943root 11241100x8000000000000000653459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b91023108f84b612021-12-21 12:20:44.943root 11241100x8000000000000000653460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7ac175246532352021-12-21 12:20:44.943root 11241100x8000000000000000653461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0e8321597856742021-12-21 12:20:44.944root 11241100x8000000000000000653462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf7ac48448cf37c2021-12-21 12:20:44.944root 11241100x8000000000000000653463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581f800f2bd2df5f2021-12-21 12:20:44.944root 11241100x8000000000000000653464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899275b2616f70d92021-12-21 12:20:44.944root 11241100x8000000000000000653465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523f32cbaf19d1e22021-12-21 12:20:44.944root 11241100x8000000000000000653466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4405c533e2148172021-12-21 12:20:44.944root 11241100x8000000000000000653467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70a2a512df3909a2021-12-21 12:20:44.944root 11241100x8000000000000000653468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de545e9ee3af5fc22021-12-21 12:20:44.944root 11241100x8000000000000000653469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa92c97119715fc2021-12-21 12:20:44.944root 11241100x8000000000000000653470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941fe621f0a4724f2021-12-21 12:20:44.944root 11241100x8000000000000000653471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddca2fbfb77c69a92021-12-21 12:20:44.944root 11241100x8000000000000000653472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da5fb4a01baa4772021-12-21 12:20:44.944root 11241100x8000000000000000653473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d50d8af0db00d7a2021-12-21 12:20:44.944root 11241100x8000000000000000653474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3d99d575b844e42021-12-21 12:20:44.944root 11241100x8000000000000000653475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a22144f904a50e2021-12-21 12:20:44.945root 11241100x8000000000000000653476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776043c1ae1eb6232021-12-21 12:20:44.945root 11241100x8000000000000000653477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81019d461f31dcb62021-12-21 12:20:44.945root 11241100x8000000000000000653478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcfaf306c4dbdcc2021-12-21 12:20:45.443root 11241100x8000000000000000653479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706d217dd73654ca2021-12-21 12:20:45.443root 11241100x8000000000000000653480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c03e92e6f27bc02021-12-21 12:20:45.443root 11241100x8000000000000000653481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44e043e16778d7e2021-12-21 12:20:45.443root 11241100x8000000000000000653482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caa76f62f74aedd2021-12-21 12:20:45.443root 11241100x8000000000000000653483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa7972176b1155c2021-12-21 12:20:45.443root 11241100x8000000000000000653484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b494f446a9cffc2021-12-21 12:20:45.444root 11241100x8000000000000000653485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94c2d1ffbbe24ac2021-12-21 12:20:45.444root 11241100x8000000000000000653486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d5da7516db002f2021-12-21 12:20:45.444root 11241100x8000000000000000653487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7f76e158375f882021-12-21 12:20:45.444root 11241100x8000000000000000653488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500cde953493bb962021-12-21 12:20:45.444root 11241100x8000000000000000653489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879614e288c0b90b2021-12-21 12:20:45.444root 11241100x8000000000000000653490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e00f1303b842e672021-12-21 12:20:45.444root 11241100x8000000000000000653491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2105fe3c02d7653b2021-12-21 12:20:45.444root 11241100x8000000000000000653492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4109801243e8c8dd2021-12-21 12:20:45.444root 11241100x8000000000000000653493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b36b4d8524f51e2021-12-21 12:20:45.444root 11241100x8000000000000000653494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e76a4711b6838212021-12-21 12:20:45.445root 11241100x8000000000000000653495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a088557f38abff7f2021-12-21 12:20:45.445root 11241100x8000000000000000653496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688507bc323b14fd2021-12-21 12:20:45.445root 11241100x8000000000000000653497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf60cba87dc7fa42021-12-21 12:20:45.445root 11241100x8000000000000000653498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb56ca54120a03b32021-12-21 12:20:45.445root 11241100x8000000000000000653499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730f535ba34cf5492021-12-21 12:20:45.445root 11241100x8000000000000000653500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48952ce3643139d2021-12-21 12:20:45.445root 11241100x8000000000000000653501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6184cd277d50c3a52021-12-21 12:20:45.445root 11241100x8000000000000000653502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7085ba77fb2d658a2021-12-21 12:20:45.445root 11241100x8000000000000000653503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956576369ae0c8dc2021-12-21 12:20:45.445root 11241100x8000000000000000653504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dff018def0b7d32021-12-21 12:20:45.943root 11241100x8000000000000000653505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfff005a29ef98db2021-12-21 12:20:45.943root 11241100x8000000000000000653506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1b050d947962372021-12-21 12:20:45.943root 11241100x8000000000000000653507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd423afbcdf5ae732021-12-21 12:20:45.943root 11241100x8000000000000000653508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0b144879ea91552021-12-21 12:20:45.943root 11241100x8000000000000000653509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b1d16b7c5e7cfa2021-12-21 12:20:45.944root 11241100x8000000000000000653510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9397c6d63351bf3b2021-12-21 12:20:45.944root 11241100x8000000000000000653511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea09ff7ebba8aef2021-12-21 12:20:45.944root 11241100x8000000000000000653512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50036f24563bb9e2021-12-21 12:20:45.944root 11241100x8000000000000000653513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436db6465ae759a52021-12-21 12:20:45.944root 11241100x8000000000000000653514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09c10a8a0a03eb32021-12-21 12:20:45.944root 11241100x8000000000000000653515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490ce0002dbdc1dc2021-12-21 12:20:45.944root 11241100x8000000000000000653516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8f260a1eeadf222021-12-21 12:20:45.944root 11241100x8000000000000000653517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5940f8de8b9d63232021-12-21 12:20:45.944root 11241100x8000000000000000653518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2015f9bba2fe3dcb2021-12-21 12:20:45.944root 11241100x8000000000000000653519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51538e3057f74a632021-12-21 12:20:45.944root 11241100x8000000000000000653520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0050ef7de89bebdc2021-12-21 12:20:45.945root 11241100x8000000000000000653521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738b0d6359da26bc2021-12-21 12:20:45.945root 11241100x8000000000000000653522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013b4e364e5cf79b2021-12-21 12:20:45.945root 11241100x8000000000000000653523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99812ea22d631b42021-12-21 12:20:45.945root 11241100x8000000000000000653524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ee79d6e1434dc92021-12-21 12:20:45.945root 11241100x8000000000000000653525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b9e5e3743a8ebc2021-12-21 12:20:45.945root 11241100x8000000000000000653526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0d92f4eb22bbe72021-12-21 12:20:45.945root 11241100x8000000000000000653527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d585b8ca64eee6b32021-12-21 12:20:45.945root 11241100x8000000000000000653528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137d589fbf0370e52021-12-21 12:20:45.946root 11241100x8000000000000000653529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f4a6bb7d2988b92021-12-21 12:20:45.946root 11241100x8000000000000000653530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b275a3b137ff77d92021-12-21 12:20:45.946root 11241100x8000000000000000653531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212b3591e48809072021-12-21 12:20:45.947root 11241100x8000000000000000653532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fac205786e9e5a32021-12-21 12:20:45.947root 11241100x8000000000000000653533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac27c9b3dbeffbc2021-12-21 12:20:45.947root 11241100x8000000000000000653534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867e84c62ca4cade2021-12-21 12:20:45.947root 11241100x8000000000000000653535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4362063b272776d2021-12-21 12:20:45.947root 11241100x8000000000000000653536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5886cf594e05fae52021-12-21 12:20:46.443root 11241100x8000000000000000653537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce064402febd19e22021-12-21 12:20:46.443root 11241100x8000000000000000653538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8f2ed79c896b802021-12-21 12:20:46.444root 11241100x8000000000000000653539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae8f6bc693833b12021-12-21 12:20:46.444root 11241100x8000000000000000653540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48682b3411433f402021-12-21 12:20:46.444root 11241100x8000000000000000653541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643c3ebad09d313a2021-12-21 12:20:46.445root 11241100x8000000000000000653542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1618cfc264c97d12021-12-21 12:20:46.445root 11241100x8000000000000000653543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f3becd54527b772021-12-21 12:20:46.445root 11241100x8000000000000000653544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306998c0d58440dc2021-12-21 12:20:46.445root 11241100x8000000000000000653545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360f7716057aeee32021-12-21 12:20:46.445root 11241100x8000000000000000653546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5407be8420ae2e9f2021-12-21 12:20:46.445root 11241100x8000000000000000653547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630d7754ac9bdd192021-12-21 12:20:46.445root 11241100x8000000000000000653548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1c6190bed5821b2021-12-21 12:20:46.445root 11241100x8000000000000000653549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1001174d785a3d052021-12-21 12:20:46.446root 11241100x8000000000000000653550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97c94e02e5cf0022021-12-21 12:20:46.446root 11241100x8000000000000000653551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ee59a3904e5a602021-12-21 12:20:46.446root 11241100x8000000000000000653552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87076432c879192a2021-12-21 12:20:46.446root 11241100x8000000000000000653553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527da65f6a86acb82021-12-21 12:20:46.446root 11241100x8000000000000000653554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5784da671788ea2021-12-21 12:20:46.446root 11241100x8000000000000000653555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9835e158ef6e33d2021-12-21 12:20:46.446root 11241100x8000000000000000653556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0172cfdf289a532021-12-21 12:20:46.446root 11241100x8000000000000000653557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2884e6603d6403192021-12-21 12:20:46.446root 11241100x8000000000000000653558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fcbb2cead00db82021-12-21 12:20:46.446root 11241100x8000000000000000653559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8192285fa91be7dd2021-12-21 12:20:46.446root 11241100x8000000000000000653560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b5cf1b762ed18b2021-12-21 12:20:46.446root 11241100x8000000000000000653561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970820f47dd508962021-12-21 12:20:46.446root 11241100x8000000000000000653562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b259d6d597d38f72021-12-21 12:20:46.446root 11241100x8000000000000000653563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1448b74d8be7e0852021-12-21 12:20:46.446root 11241100x8000000000000000653564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fcd80b6d4c3cc12021-12-21 12:20:46.943root 11241100x8000000000000000653565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22d188544f597262021-12-21 12:20:46.943root 11241100x8000000000000000653566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891a45bd508db6ad2021-12-21 12:20:46.943root 11241100x8000000000000000653567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2b8a3de943e51b2021-12-21 12:20:46.943root 11241100x8000000000000000653568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7585910ddfc80bd82021-12-21 12:20:46.943root 11241100x8000000000000000653569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8569f29e3715402021-12-21 12:20:46.944root 11241100x8000000000000000653570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941fce6ccfcba51b2021-12-21 12:20:46.944root 11241100x8000000000000000653571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c7766a3908cc3f2021-12-21 12:20:46.944root 11241100x8000000000000000653572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24beb0ae16f5ac52021-12-21 12:20:46.944root 11241100x8000000000000000653573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995b3f129438114c2021-12-21 12:20:46.944root 11241100x8000000000000000653574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bac895e18f2be652021-12-21 12:20:46.944root 11241100x8000000000000000653575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123256d46ff459bf2021-12-21 12:20:46.944root 11241100x8000000000000000653576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3bb4d7a4d4b80c2021-12-21 12:20:46.945root 11241100x8000000000000000653577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e91aca251391b32021-12-21 12:20:46.945root 11241100x8000000000000000653578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a015efa9775c25f2021-12-21 12:20:46.945root 11241100x8000000000000000653579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d24eaa3ef80a4752021-12-21 12:20:46.945root 11241100x8000000000000000653580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be9f8bb5e75974f2021-12-21 12:20:46.945root 11241100x8000000000000000653581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc1d538dc0463362021-12-21 12:20:46.945root 11241100x8000000000000000653582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8206d0025a410832021-12-21 12:20:46.946root 11241100x8000000000000000653583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f8cd27aa78a7562021-12-21 12:20:46.946root 11241100x8000000000000000653584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca0d03fc8132f072021-12-21 12:20:46.946root 11241100x8000000000000000653585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d928e720fd8acd82021-12-21 12:20:46.946root 11241100x8000000000000000653586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f082f73ea58ffe502021-12-21 12:20:46.946root 11241100x8000000000000000653587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585e6cecd96112fd2021-12-21 12:20:46.946root 11241100x8000000000000000653588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c885df0ba2f6677f2021-12-21 12:20:46.946root 11241100x8000000000000000653589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5c8dcaf6f6528e2021-12-21 12:20:46.947root 11241100x8000000000000000653590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcbbc5529fc63232021-12-21 12:20:46.947root 11241100x8000000000000000653591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37b5bba79f23a552021-12-21 12:20:46.947root 11241100x8000000000000000653592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afea37a00966b1ce2021-12-21 12:20:46.947root 11241100x8000000000000000653593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb1a50b6d74bf362021-12-21 12:20:46.947root 11241100x8000000000000000653594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3674ca1773faf582021-12-21 12:20:46.947root 11241100x8000000000000000653595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea57b458e580d9f2021-12-21 12:20:47.443root 11241100x8000000000000000653596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22453a072af8f40b2021-12-21 12:20:47.443root 11241100x8000000000000000653597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f4cf42e056172b2021-12-21 12:20:47.443root 11241100x8000000000000000653598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3667bbcada95a032021-12-21 12:20:47.443root 11241100x8000000000000000653599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd11d730c33484c22021-12-21 12:20:47.443root 11241100x8000000000000000653600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89455c3e00b121b2021-12-21 12:20:47.444root 11241100x8000000000000000653601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5c2fce894ca3892021-12-21 12:20:47.444root 11241100x8000000000000000653602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81e07ea21e3757f2021-12-21 12:20:47.444root 11241100x8000000000000000653603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ee2126e3eebecb2021-12-21 12:20:47.444root 11241100x8000000000000000653604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61194f9c685939a2021-12-21 12:20:47.444root 11241100x8000000000000000653605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31eee0092de72b122021-12-21 12:20:47.445root 11241100x8000000000000000653606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4d372e5d81c1922021-12-21 12:20:47.445root 11241100x8000000000000000653607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2580ae57eb44a822021-12-21 12:20:47.445root 11241100x8000000000000000653608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839f5012e4af0cac2021-12-21 12:20:47.445root 11241100x8000000000000000653609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656da1a4354261262021-12-21 12:20:47.445root 11241100x8000000000000000653610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c33f2f8c552bc92021-12-21 12:20:47.445root 11241100x8000000000000000653611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637e12ad5a480dfb2021-12-21 12:20:47.445root 11241100x8000000000000000653612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99808561bf16798b2021-12-21 12:20:47.445root 11241100x8000000000000000653613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e4c656d1eddeb12021-12-21 12:20:47.445root 11241100x8000000000000000653614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2aae673acbd89072021-12-21 12:20:47.445root 11241100x8000000000000000653615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2235770a99129f3e2021-12-21 12:20:47.446root 11241100x8000000000000000653616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ff61bcc9e3ab442021-12-21 12:20:47.446root 11241100x8000000000000000653617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26537e0ce74ed0a2021-12-21 12:20:47.446root 11241100x8000000000000000653618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14223dbb6a1d1e842021-12-21 12:20:47.446root 11241100x8000000000000000653619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3f92a53fce43ba2021-12-21 12:20:47.446root 11241100x8000000000000000653620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c1befa064dafac2021-12-21 12:20:47.446root 11241100x8000000000000000653621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f56086d1908f9e22021-12-21 12:20:47.446root 11241100x8000000000000000653622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec4d9ec0fa386702021-12-21 12:20:47.446root 11241100x8000000000000000653623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdab7d80fe136df2021-12-21 12:20:47.446root 11241100x8000000000000000653624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aeab18441e9d6be2021-12-21 12:20:47.942root 11241100x8000000000000000653625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31973ee161af51802021-12-21 12:20:47.943root 11241100x8000000000000000653626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4fabb5f99374e52021-12-21 12:20:47.943root 11241100x8000000000000000653627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f465f5d52b0e7d372021-12-21 12:20:47.943root 11241100x8000000000000000653628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae8247d0778afdc2021-12-21 12:20:47.943root 11241100x8000000000000000653629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9a552781c44ce02021-12-21 12:20:47.943root 11241100x8000000000000000653630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad58659d8b7b48a2021-12-21 12:20:47.943root 11241100x8000000000000000653631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33d5b276c2075722021-12-21 12:20:47.943root 11241100x8000000000000000653632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c515fb7160ecde62021-12-21 12:20:47.943root 11241100x8000000000000000653633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85eb132436961eff2021-12-21 12:20:47.943root 11241100x8000000000000000653634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bae98f01e9267e42021-12-21 12:20:47.944root 11241100x8000000000000000653635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59236644bcbd21172021-12-21 12:20:47.944root 11241100x8000000000000000653636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2695adc66329b92021-12-21 12:20:47.944root 11241100x8000000000000000653637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3298dad6a9d14e5f2021-12-21 12:20:47.944root 11241100x8000000000000000653638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7742be636a0843fc2021-12-21 12:20:47.944root 11241100x8000000000000000653639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5a9a2b926a49432021-12-21 12:20:47.944root 11241100x8000000000000000653640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09592eb950eb3a42021-12-21 12:20:47.945root 11241100x8000000000000000653641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f850aaf4c122d6bf2021-12-21 12:20:47.945root 11241100x8000000000000000653642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a71533f6ba542d2021-12-21 12:20:47.945root 11241100x8000000000000000653643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62757a5d3e658ecb2021-12-21 12:20:47.945root 11241100x8000000000000000653644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab85d70ed62551d2021-12-21 12:20:47.945root 11241100x8000000000000000653645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5c3f363a85b8982021-12-21 12:20:47.945root 11241100x8000000000000000653646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651ac06c81d5d51f2021-12-21 12:20:47.946root 11241100x8000000000000000653647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0376c824630f86132021-12-21 12:20:47.946root 11241100x8000000000000000653648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306848cdebb9ef7e2021-12-21 12:20:47.946root 11241100x8000000000000000653649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fcefcc77752bf62021-12-21 12:20:47.946root 11241100x8000000000000000653650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157be1ceee9c94242021-12-21 12:20:47.946root 11241100x8000000000000000653651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8006b7f6b702c76e2021-12-21 12:20:47.946root 11241100x8000000000000000653652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc07b768a129b1302021-12-21 12:20:47.946root 11241100x8000000000000000653653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d146aedefa12bf2021-12-21 12:20:47.946root 11241100x8000000000000000653654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccff0e03339c13c2021-12-21 12:20:47.947root 11241100x8000000000000000653655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ece82687233be0f2021-12-21 12:20:47.947root 354300x8000000000000000653656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.076{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49854-false10.0.1.12-8000- 11241100x8000000000000000653657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ad5821362405c42021-12-21 12:20:48.442root 11241100x8000000000000000653658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d4ac9a5ebd8b0d2021-12-21 12:20:48.443root 11241100x8000000000000000653659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f91ec7e50137f62021-12-21 12:20:48.443root 11241100x8000000000000000653660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e5a3c0f40ace3c2021-12-21 12:20:48.443root 11241100x8000000000000000653661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522e7e92feb423032021-12-21 12:20:48.443root 11241100x8000000000000000653662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0921f9abeebd3b322021-12-21 12:20:48.443root 11241100x8000000000000000653663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17534a05506d6a42021-12-21 12:20:48.443root 11241100x8000000000000000653664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ef5e6bdca92b762021-12-21 12:20:48.444root 11241100x8000000000000000653665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872f99a5d9087efc2021-12-21 12:20:48.444root 11241100x8000000000000000653666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90873a6a00d637d32021-12-21 12:20:48.444root 11241100x8000000000000000653667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03bf037d0988ef32021-12-21 12:20:48.444root 11241100x8000000000000000653668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae22db9f39116ae2021-12-21 12:20:48.444root 11241100x8000000000000000653669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaa84f12725f31b2021-12-21 12:20:48.444root 11241100x8000000000000000653670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de69c37aa1409bb32021-12-21 12:20:48.444root 11241100x8000000000000000653671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630ea1de38d371a02021-12-21 12:20:48.445root 11241100x8000000000000000653672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9354f9ff1719b1122021-12-21 12:20:48.445root 11241100x8000000000000000653673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e40968f021a2fe2021-12-21 12:20:48.445root 11241100x8000000000000000653674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c66c54528f104a52021-12-21 12:20:48.445root 11241100x8000000000000000653675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5985de3962825e2021-12-21 12:20:48.445root 11241100x8000000000000000653676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8f3afe087f7b4e2021-12-21 12:20:48.445root 11241100x8000000000000000653677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c63a94cdf18e1862021-12-21 12:20:48.445root 11241100x8000000000000000653678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68026165f5ab767c2021-12-21 12:20:48.445root 11241100x8000000000000000653679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e32d39c36097492021-12-21 12:20:48.446root 11241100x8000000000000000653680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ef10eed6d55d2d2021-12-21 12:20:48.446root 11241100x8000000000000000653681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddc3952848edc4f2021-12-21 12:20:48.446root 11241100x8000000000000000653682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863617dd692e0ae22021-12-21 12:20:48.446root 11241100x8000000000000000653683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2d9b5f8c9fc3862021-12-21 12:20:48.446root 11241100x8000000000000000653684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bf715c5d0e604b2021-12-21 12:20:48.446root 11241100x8000000000000000653685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9740f60d4b07dc982021-12-21 12:20:48.446root 11241100x8000000000000000653686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592a22213d6c6c772021-12-21 12:20:48.446root 11241100x8000000000000000653687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4226dac695d6792021-12-21 12:20:48.447root 11241100x8000000000000000653688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c665d380dbf0b272021-12-21 12:20:48.943root 11241100x8000000000000000653689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6ba461b741f23f2021-12-21 12:20:48.943root 11241100x8000000000000000653690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccb7b9250f4792e2021-12-21 12:20:48.943root 11241100x8000000000000000653691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15833e947b038d3d2021-12-21 12:20:48.943root 11241100x8000000000000000653692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad138108da1207a32021-12-21 12:20:48.944root 11241100x8000000000000000653693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff32227f1ea611f2021-12-21 12:20:48.944root 11241100x8000000000000000653694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cc09895ad611772021-12-21 12:20:48.944root 11241100x8000000000000000653695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aefe5dd5500c9862021-12-21 12:20:48.944root 11241100x8000000000000000653696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e6d5e8065d00832021-12-21 12:20:48.944root 11241100x8000000000000000653697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c648322ed1e7d82021-12-21 12:20:48.944root 11241100x8000000000000000653698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836a2c1be38452272021-12-21 12:20:48.944root 11241100x8000000000000000653699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd37f098e56f9c32021-12-21 12:20:48.944root 11241100x8000000000000000653700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cfdf501a723b302021-12-21 12:20:48.944root 11241100x8000000000000000653701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdba47ba1686d2882021-12-21 12:20:48.944root 11241100x8000000000000000653702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdbf82b8af455a32021-12-21 12:20:48.944root 11241100x8000000000000000653703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d7d82cdca4a5b02021-12-21 12:20:48.944root 11241100x8000000000000000653704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293f61017cdc67722021-12-21 12:20:48.944root 11241100x8000000000000000653705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef66a420a6ca0c742021-12-21 12:20:48.944root 11241100x8000000000000000653706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49544bf126423c6a2021-12-21 12:20:48.945root 11241100x8000000000000000653707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2c3bf82b8fad462021-12-21 12:20:48.945root 11241100x8000000000000000653708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c8a217925c34572021-12-21 12:20:48.945root 11241100x8000000000000000653709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a3656094fa2a872021-12-21 12:20:48.945root 11241100x8000000000000000653710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7653eae8858c90162021-12-21 12:20:48.945root 11241100x8000000000000000653711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95142e0c6ac5adab2021-12-21 12:20:48.945root 11241100x8000000000000000653712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309cfa13c8362af82021-12-21 12:20:48.945root 11241100x8000000000000000653713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1282665c16d7b15d2021-12-21 12:20:48.945root 11241100x8000000000000000653714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93292eda7644ec292021-12-21 12:20:48.946root 11241100x8000000000000000653715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0280b9d131c75ee52021-12-21 12:20:49.442root 11241100x8000000000000000653716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65a47107b586bc82021-12-21 12:20:49.443root 11241100x8000000000000000653717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1628cb4d0328564c2021-12-21 12:20:49.443root 11241100x8000000000000000653718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8822b29cb9b2002021-12-21 12:20:49.443root 11241100x8000000000000000653719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68355c33caa2dd72021-12-21 12:20:49.443root 11241100x8000000000000000653720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92310deaa4abe60f2021-12-21 12:20:49.443root 11241100x8000000000000000653721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f08acc3b4217422021-12-21 12:20:49.443root 11241100x8000000000000000653722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2d88a098bade1f2021-12-21 12:20:49.443root 11241100x8000000000000000653723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967a624ce37e76db2021-12-21 12:20:49.443root 11241100x8000000000000000653724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d6c1d8cc519d8a2021-12-21 12:20:49.444root 11241100x8000000000000000653725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00efd6effe16175c2021-12-21 12:20:49.444root 11241100x8000000000000000653726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1a2a5802c76c4e2021-12-21 12:20:49.444root 11241100x8000000000000000653727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46d7e1d0e119e662021-12-21 12:20:49.444root 11241100x8000000000000000653728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8a1c2af8992d922021-12-21 12:20:49.444root 11241100x8000000000000000653729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec42a3017f0b22f2021-12-21 12:20:49.444root 11241100x8000000000000000653730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c32ed623a6813b12021-12-21 12:20:49.444root 11241100x8000000000000000653731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1955f27cee1b2d2021-12-21 12:20:49.444root 11241100x8000000000000000653732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d889a0860e1bf9b2021-12-21 12:20:49.444root 11241100x8000000000000000653733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f4ebf424ac60b82021-12-21 12:20:49.445root 11241100x8000000000000000653734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c48febd5fbbbfd2021-12-21 12:20:49.445root 11241100x8000000000000000653735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8105efed4a05f9972021-12-21 12:20:49.445root 11241100x8000000000000000653736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c653287c21b2182021-12-21 12:20:49.445root 11241100x8000000000000000653737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9ac4e0de9a0f1a2021-12-21 12:20:49.445root 11241100x8000000000000000653738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2ab61b2046a1c92021-12-21 12:20:49.445root 11241100x8000000000000000653739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc39d393429e7df2021-12-21 12:20:49.445root 11241100x8000000000000000653740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c611b2f7b02c4422021-12-21 12:20:49.445root 11241100x8000000000000000653741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bfdec0f20288a32021-12-21 12:20:49.446root 11241100x8000000000000000653742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ca52e5ed65e6d62021-12-21 12:20:49.446root 11241100x8000000000000000653743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aefd9777e2f81f22021-12-21 12:20:49.446root 11241100x8000000000000000653744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be15280c9c80b0c62021-12-21 12:20:49.446root 11241100x8000000000000000653745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e509c79e80f59b2b2021-12-21 12:20:49.446root 11241100x8000000000000000653746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3a19edef0150502021-12-21 12:20:49.447root 11241100x8000000000000000653747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d046093029c0e692021-12-21 12:20:49.943root 11241100x8000000000000000653748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66be4f0d2454c792021-12-21 12:20:49.943root 11241100x8000000000000000653749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb28f02a9a86b882021-12-21 12:20:49.943root 11241100x8000000000000000653750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eabebd0e312ca532021-12-21 12:20:49.943root 11241100x8000000000000000653751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0b771cd582cdf22021-12-21 12:20:49.943root 11241100x8000000000000000653752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0055fa6967da192021-12-21 12:20:49.943root 11241100x8000000000000000653753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c451d66c5e604a2021-12-21 12:20:49.943root 11241100x8000000000000000653754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49b2aa693009f8c2021-12-21 12:20:49.943root 11241100x8000000000000000653755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ec495ae156fc952021-12-21 12:20:49.943root 11241100x8000000000000000653756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37003b9fc9be1f022021-12-21 12:20:49.943root 11241100x8000000000000000653757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a4d9173716e6c32021-12-21 12:20:49.943root 11241100x8000000000000000653758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1025caf910d38a2021-12-21 12:20:49.944root 11241100x8000000000000000653759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bf6f11eecd13a22021-12-21 12:20:49.944root 11241100x8000000000000000653760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5ee7fe57a1b5932021-12-21 12:20:49.944root 11241100x8000000000000000653761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281a2bc775ecb5f52021-12-21 12:20:49.944root 11241100x8000000000000000653762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049ce8731e7ea3ea2021-12-21 12:20:49.944root 11241100x8000000000000000653763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a35979ac2edac2c2021-12-21 12:20:49.944root 11241100x8000000000000000653764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec14953b46c210b2021-12-21 12:20:49.944root 11241100x8000000000000000653765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6dffd228e93d7e2021-12-21 12:20:49.944root 11241100x8000000000000000653766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4278fca43607632021-12-21 12:20:49.944root 11241100x8000000000000000653767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd793dfdeaaad8e2021-12-21 12:20:49.944root 11241100x8000000000000000653768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6b9e09df534bea2021-12-21 12:20:49.944root 11241100x8000000000000000653769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecc24a1198c38eb2021-12-21 12:20:49.945root 11241100x8000000000000000653770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f7db44cb63d1fa2021-12-21 12:20:49.945root 11241100x8000000000000000653771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8932658b83ac88b32021-12-21 12:20:49.945root 11241100x8000000000000000653772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75abf7fa7e2168962021-12-21 12:20:49.945root 11241100x8000000000000000653773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f701f5a9f68d17e2021-12-21 12:20:49.945root 11241100x8000000000000000653774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5b40c37886d2a02021-12-21 12:20:49.945root 11241100x8000000000000000653775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a664678f40e54f252021-12-21 12:20:49.945root 11241100x8000000000000000653776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc50c4739c0e5792021-12-21 12:20:49.945root 11241100x8000000000000000653777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1a68e6476a3a172021-12-21 12:20:49.945root 11241100x8000000000000000653778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e924054fe577c49a2021-12-21 12:20:49.946root 11241100x8000000000000000653779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a843d7507ee865462021-12-21 12:20:50.443root 11241100x8000000000000000653780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf66e808e294ff02021-12-21 12:20:50.443root 11241100x8000000000000000653781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d368d77a3ac09c2021-12-21 12:20:50.444root 11241100x8000000000000000653782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5296780e9568d912021-12-21 12:20:50.444root 11241100x8000000000000000653783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d8ad79a94070bc2021-12-21 12:20:50.444root 11241100x8000000000000000653784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16583ee807837ff2021-12-21 12:20:50.444root 11241100x8000000000000000653785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4c57402fed75d82021-12-21 12:20:50.444root 11241100x8000000000000000653786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5814dc15a5ea21d2021-12-21 12:20:50.444root 11241100x8000000000000000653787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251df758cd842b222021-12-21 12:20:50.444root 11241100x8000000000000000653788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613fcbca725689962021-12-21 12:20:50.444root 11241100x8000000000000000653789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3b693b5ff5eefc2021-12-21 12:20:50.444root 11241100x8000000000000000653790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5f08e24181e0c62021-12-21 12:20:50.444root 11241100x8000000000000000653791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2566f5d552da425c2021-12-21 12:20:50.445root 11241100x8000000000000000653792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3b8eaee2fac10f2021-12-21 12:20:50.445root 11241100x8000000000000000653793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3512d39975f675482021-12-21 12:20:50.445root 11241100x8000000000000000653794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650ebdfdd370f0f42021-12-21 12:20:50.445root 11241100x8000000000000000653795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18551073a6dbb83d2021-12-21 12:20:50.445root 11241100x8000000000000000653796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51f66bd1e9b429e2021-12-21 12:20:50.445root 11241100x8000000000000000653797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2062af2b7823aed2021-12-21 12:20:50.445root 11241100x8000000000000000653798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd27ae2e7d371dcd2021-12-21 12:20:50.445root 11241100x8000000000000000653799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ed70df440446772021-12-21 12:20:50.445root 11241100x8000000000000000653800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfaeb4ee4151a0d2021-12-21 12:20:50.445root 11241100x8000000000000000653801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b42f3674a41e1e2021-12-21 12:20:50.445root 11241100x8000000000000000653802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943ea234841980462021-12-21 12:20:50.446root 11241100x8000000000000000653803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881fdfbd38e46acf2021-12-21 12:20:50.446root 11241100x8000000000000000653804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9f4839a34b9d722021-12-21 12:20:50.446root 11241100x8000000000000000653805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb3ee6d4d203bf32021-12-21 12:20:50.446root 11241100x8000000000000000653806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471cd1cd0a2623ef2021-12-21 12:20:50.943root 11241100x8000000000000000653807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfca545226f09522021-12-21 12:20:50.943root 11241100x8000000000000000653808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c5760de88a37972021-12-21 12:20:50.943root 11241100x8000000000000000653809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506da1912a41c50d2021-12-21 12:20:50.943root 11241100x8000000000000000653810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db0480d1c1a1fd12021-12-21 12:20:50.943root 11241100x8000000000000000653811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab4ade161afa9692021-12-21 12:20:50.944root 11241100x8000000000000000653812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea60e43d39335f5d2021-12-21 12:20:50.944root 11241100x8000000000000000653813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e684755e3d83ba2021-12-21 12:20:50.944root 11241100x8000000000000000653814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e489a2c7430d20e72021-12-21 12:20:50.944root 11241100x8000000000000000653815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5228c4b4bb88932021-12-21 12:20:50.944root 11241100x8000000000000000653816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072c2308dd8511b62021-12-21 12:20:50.945root 11241100x8000000000000000653817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83ea8db409704c52021-12-21 12:20:50.945root 11241100x8000000000000000653818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c095e1d0f7be2ac82021-12-21 12:20:50.945root 11241100x8000000000000000653819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69bba5319b560212021-12-21 12:20:50.945root 11241100x8000000000000000653820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d9cf458ebc49442021-12-21 12:20:50.945root 11241100x8000000000000000653821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e328682ad4028f12021-12-21 12:20:50.945root 11241100x8000000000000000653822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7086b5c639cda6ef2021-12-21 12:20:50.945root 11241100x8000000000000000653823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f274fead39b9d92021-12-21 12:20:50.945root 11241100x8000000000000000653824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de339e7030a65a1c2021-12-21 12:20:50.946root 11241100x8000000000000000653825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27f990d5f8aa7cb2021-12-21 12:20:50.946root 11241100x8000000000000000653826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928903d5a086e1e42021-12-21 12:20:50.946root 11241100x8000000000000000653827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c855bd3d5e71f52021-12-21 12:20:50.946root 11241100x8000000000000000653828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61d333ddcf4c33b2021-12-21 12:20:50.946root 11241100x8000000000000000653829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf13a9b34ddbd8f2021-12-21 12:20:50.946root 11241100x8000000000000000653830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9457c930aa8270c2021-12-21 12:20:50.946root 11241100x8000000000000000653831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7909bd244616f9f52021-12-21 12:20:50.946root 11241100x8000000000000000653832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369e2c0ebc8069972021-12-21 12:20:50.947root 11241100x8000000000000000653833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a02b2c1a58288ac2021-12-21 12:20:50.947root 11241100x8000000000000000653834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7321af95e7e1f62021-12-21 12:20:50.947root 11241100x8000000000000000653835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4cab78bc079ef22021-12-21 12:20:50.947root 11241100x8000000000000000653836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eddb460ed42c7bdd2021-12-21 12:20:51.443root 11241100x8000000000000000653837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f17c049bead3862021-12-21 12:20:51.443root 11241100x8000000000000000653838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a3feeade356c9b2021-12-21 12:20:51.443root 11241100x8000000000000000653839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0bea29b5254afc2021-12-21 12:20:51.443root 11241100x8000000000000000653840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f348eeb5c1c009e32021-12-21 12:20:51.443root 11241100x8000000000000000653841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cc8b6fb92734e62021-12-21 12:20:51.443root 11241100x8000000000000000653842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5185fa0fff6a422021-12-21 12:20:51.443root 11241100x8000000000000000653843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a437d7d3e15c17d92021-12-21 12:20:51.443root 11241100x8000000000000000653844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e76e06eed5aedb2021-12-21 12:20:51.444root 11241100x8000000000000000653845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5fab0b8f96e3ba2021-12-21 12:20:51.444root 11241100x8000000000000000653846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc2837b3aa12a812021-12-21 12:20:51.444root 11241100x8000000000000000653847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34616561201d70af2021-12-21 12:20:51.444root 11241100x8000000000000000653848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f60da41e8739c8b2021-12-21 12:20:51.444root 11241100x8000000000000000653849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9270146e39a94ece2021-12-21 12:20:51.444root 11241100x8000000000000000653850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e347732c3a5d20e22021-12-21 12:20:51.444root 11241100x8000000000000000653851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e365d58a77fa492021-12-21 12:20:51.445root 11241100x8000000000000000653852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750d548bef90321d2021-12-21 12:20:51.445root 11241100x8000000000000000653853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787b76d02ce628c22021-12-21 12:20:51.445root 11241100x8000000000000000653854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a3dc0359b1dce02021-12-21 12:20:51.445root 11241100x8000000000000000653855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d95a0ee5e007f12021-12-21 12:20:51.445root 11241100x8000000000000000653856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ec5da1525ebe9a2021-12-21 12:20:51.445root 11241100x8000000000000000653857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b96c47f5aa6d46f2021-12-21 12:20:51.445root 11241100x8000000000000000653858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc7c8d76d4c8fe22021-12-21 12:20:51.445root 11241100x8000000000000000653859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50cdc0653bb4d9f2021-12-21 12:20:51.445root 11241100x8000000000000000653860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d3612e62ccb2f42021-12-21 12:20:51.445root 11241100x8000000000000000653861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be233dcb667ab7502021-12-21 12:20:51.445root 11241100x8000000000000000653862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9ebd4aa6f3bb462021-12-21 12:20:51.446root 11241100x8000000000000000653863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48418b62cc38f32f2021-12-21 12:20:51.446root 11241100x8000000000000000653864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a677eaae6fc82242021-12-21 12:20:51.446root 11241100x8000000000000000653865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271f450529e3b8972021-12-21 12:20:51.446root 11241100x8000000000000000653866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ea9ea58bd2c7a72021-12-21 12:20:51.446root 11241100x8000000000000000653867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3621a041555026af2021-12-21 12:20:51.943root 11241100x8000000000000000653868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325ff58827e37b272021-12-21 12:20:51.943root 11241100x8000000000000000653869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78f55b146bfaf5e2021-12-21 12:20:51.943root 11241100x8000000000000000653870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab6db9b2fb3e5d02021-12-21 12:20:51.943root 11241100x8000000000000000653871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171836d2c7da35cb2021-12-21 12:20:51.943root 11241100x8000000000000000653872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05efffbfd4aab672021-12-21 12:20:51.944root 11241100x8000000000000000653873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fe9aec85ac82512021-12-21 12:20:51.944root 11241100x8000000000000000653874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73686a4923ca33be2021-12-21 12:20:51.944root 11241100x8000000000000000653875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed684b1b230131b2021-12-21 12:20:51.944root 11241100x8000000000000000653876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ebd69a2034a7352021-12-21 12:20:51.944root 11241100x8000000000000000653877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24b5b44f160138f2021-12-21 12:20:51.944root 11241100x8000000000000000653878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bf221f6fa8f9bb2021-12-21 12:20:51.944root 11241100x8000000000000000653879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57a91e8afa69a672021-12-21 12:20:51.944root 11241100x8000000000000000653880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c924db8cb4ea51242021-12-21 12:20:51.944root 11241100x8000000000000000653881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5307173d70ed9b62021-12-21 12:20:51.945root 11241100x8000000000000000653882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b96f474590c11472021-12-21 12:20:51.945root 11241100x8000000000000000653883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2866ffd64488738a2021-12-21 12:20:51.945root 11241100x8000000000000000653884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600d87f2a536151f2021-12-21 12:20:51.945root 11241100x8000000000000000653885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2223de118ff7f12021-12-21 12:20:51.945root 11241100x8000000000000000653886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206b1e5e35cbe9492021-12-21 12:20:51.945root 11241100x8000000000000000653887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7c5a98465480312021-12-21 12:20:51.945root 11241100x8000000000000000653888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989dcb44f89feb5d2021-12-21 12:20:51.945root 11241100x8000000000000000653889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b8dce2d566a1f12021-12-21 12:20:51.945root 11241100x8000000000000000653890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3d785cf99162852021-12-21 12:20:51.945root 11241100x8000000000000000653891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45929f65a58448a32021-12-21 12:20:51.945root 11241100x8000000000000000653892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bba3629bc1b02a32021-12-21 12:20:51.946root 11241100x8000000000000000653893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371086ede3a272342021-12-21 12:20:51.946root 11241100x8000000000000000653894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58224bf1556978df2021-12-21 12:20:51.946root 11241100x8000000000000000653895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77575a98af0fe8b2021-12-21 12:20:52.443root 11241100x8000000000000000653896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8badea4e89794f2d2021-12-21 12:20:52.443root 11241100x8000000000000000653897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c50b8efc4798f292021-12-21 12:20:52.443root 11241100x8000000000000000653898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed7cc76418e42e62021-12-21 12:20:52.443root 11241100x8000000000000000653899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6c013b3f7380b22021-12-21 12:20:52.443root 11241100x8000000000000000653900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55838a52fc7c38352021-12-21 12:20:52.443root 11241100x8000000000000000653901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16827aab857221c2021-12-21 12:20:52.443root 11241100x8000000000000000653902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da6bc2847842a7b2021-12-21 12:20:52.443root 11241100x8000000000000000653903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69986fe6f7afe7b32021-12-21 12:20:52.443root 11241100x8000000000000000653904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb24c943af1493292021-12-21 12:20:52.444root 11241100x8000000000000000653905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f3124b513688e12021-12-21 12:20:52.444root 11241100x8000000000000000653906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7965f5ad15d466f2021-12-21 12:20:52.444root 11241100x8000000000000000653907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af25161a246142b22021-12-21 12:20:52.444root 11241100x8000000000000000653908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035456e157b7c5132021-12-21 12:20:52.444root 11241100x8000000000000000653909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cb258604fff0602021-12-21 12:20:52.444root 11241100x8000000000000000653910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce547841227dbcd2021-12-21 12:20:52.444root 11241100x8000000000000000653911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799fd409a087b3f02021-12-21 12:20:52.444root 11241100x8000000000000000653912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184a90453916e54d2021-12-21 12:20:52.444root 11241100x8000000000000000653913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bee92aec6dcd842021-12-21 12:20:52.444root 11241100x8000000000000000653914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027cf0aace2594ed2021-12-21 12:20:52.445root 11241100x8000000000000000653915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f59d608e7be4792021-12-21 12:20:52.445root 11241100x8000000000000000653916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66220c6623d2700d2021-12-21 12:20:52.445root 11241100x8000000000000000653917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835ba6db50039b752021-12-21 12:20:52.445root 11241100x8000000000000000653918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f09750a629e5f022021-12-21 12:20:52.445root 11241100x8000000000000000653919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ea717207669e1a2021-12-21 12:20:52.445root 11241100x8000000000000000653920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4caa6e2864d71af2021-12-21 12:20:52.446root 11241100x8000000000000000653921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea311a5568bdc702021-12-21 12:20:52.446root 11241100x8000000000000000653922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dd497e246d105b2021-12-21 12:20:52.943root 11241100x8000000000000000653923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf39281fc068bbd2021-12-21 12:20:52.943root 11241100x8000000000000000653924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4318040afa958842021-12-21 12:20:52.944root 11241100x8000000000000000653925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f1c43d3efbbb402021-12-21 12:20:52.944root 11241100x8000000000000000653926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9664bb30dc1e7f2021-12-21 12:20:52.944root 11241100x8000000000000000653927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd49d31842346262021-12-21 12:20:52.944root 11241100x8000000000000000653928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7bd03eff2b8b8a2021-12-21 12:20:52.944root 11241100x8000000000000000653929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ad27256f7b612b2021-12-21 12:20:52.944root 11241100x8000000000000000653930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba89788a607249202021-12-21 12:20:52.945root 11241100x8000000000000000653931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc2cc1c66f1decb2021-12-21 12:20:52.945root 11241100x8000000000000000653932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dbf0c1e9fd68672021-12-21 12:20:52.945root 11241100x8000000000000000653933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3ecc14edaf05f62021-12-21 12:20:52.945root 11241100x8000000000000000653934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d109d6c5d69268a12021-12-21 12:20:52.946root 11241100x8000000000000000653935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5995f8ec746150422021-12-21 12:20:52.946root 11241100x8000000000000000653936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab121b8e328445062021-12-21 12:20:52.946root 11241100x8000000000000000653937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd0de971150fd852021-12-21 12:20:52.946root 11241100x8000000000000000653938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0714692eb89dcaaa2021-12-21 12:20:52.946root 11241100x8000000000000000653939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83177ca5c2e204542021-12-21 12:20:52.946root 11241100x8000000000000000653940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15933997cf0cf2d52021-12-21 12:20:52.946root 11241100x8000000000000000653941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5e802c39ac97f22021-12-21 12:20:52.946root 11241100x8000000000000000653942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9767d2510f2e1cab2021-12-21 12:20:52.946root 11241100x8000000000000000653943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142cdf8282639d722021-12-21 12:20:52.946root 11241100x8000000000000000653944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bdd6a2bf75f3e72021-12-21 12:20:52.947root 11241100x8000000000000000653945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410580215043fc392021-12-21 12:20:52.947root 11241100x8000000000000000653946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fe9f7071d4dae32021-12-21 12:20:52.947root 11241100x8000000000000000653947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470d7e989f23315b2021-12-21 12:20:52.947root 11241100x8000000000000000653948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cba496012c7a6b2021-12-21 12:20:52.947root 354300x8000000000000000653949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.197{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49856-false10.0.1.12-8000- 11241100x8000000000000000653950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff06c2d4ade030d2021-12-21 12:20:53.197root 11241100x8000000000000000653951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e793b26f7418c9c2021-12-21 12:20:53.198root 11241100x8000000000000000653952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c495fbf9a2cad482021-12-21 12:20:53.198root 11241100x8000000000000000653953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b2f494c4f132b42021-12-21 12:20:53.198root 11241100x8000000000000000653954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16eb794059c453352021-12-21 12:20:53.198root 11241100x8000000000000000653955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f293c42c407c052021-12-21 12:20:53.198root 11241100x8000000000000000653956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85ded21a1d007492021-12-21 12:20:53.198root 11241100x8000000000000000653957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706a346ccd637fba2021-12-21 12:20:53.198root 11241100x8000000000000000653958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6d0b22b55e16e12021-12-21 12:20:53.198root 11241100x8000000000000000653959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c043fc799239b4d2021-12-21 12:20:53.199root 11241100x8000000000000000653960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ef7fef7c97b4112021-12-21 12:20:53.199root 11241100x8000000000000000653961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350108e656d3503f2021-12-21 12:20:53.199root 11241100x8000000000000000653962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac781554096c84c82021-12-21 12:20:53.199root 11241100x8000000000000000653963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c35ce7a3b4913492021-12-21 12:20:53.199root 11241100x8000000000000000653964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54946211d50cc1a32021-12-21 12:20:53.200root 11241100x8000000000000000653965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3a2f55e8c09cd82021-12-21 12:20:53.200root 11241100x8000000000000000653966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51269ea3237f00302021-12-21 12:20:53.200root 11241100x8000000000000000653967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334299f9ea6c4b7b2021-12-21 12:20:53.200root 11241100x8000000000000000653968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379593be8ad8677c2021-12-21 12:20:53.201root 11241100x8000000000000000653969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8fcb0923b4856a2021-12-21 12:20:53.201root 11241100x8000000000000000653970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27acc6b092fa0582021-12-21 12:20:53.201root 11241100x8000000000000000653971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e179cbda7c63812021-12-21 12:20:53.201root 11241100x8000000000000000653972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f728c1705645272021-12-21 12:20:53.201root 11241100x8000000000000000653973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71db1fbb592a5f972021-12-21 12:20:53.202root 11241100x8000000000000000653974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5cadca9ad975842021-12-21 12:20:53.202root 11241100x8000000000000000653975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7360931ed7501d32021-12-21 12:20:53.202root 11241100x8000000000000000653976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3087989df88b0b2021-12-21 12:20:53.202root 11241100x8000000000000000653977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2f54ac4013cf8e2021-12-21 12:20:53.202root 11241100x8000000000000000653978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869bbeb104279dcf2021-12-21 12:20:53.692root 11241100x8000000000000000653979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ee5f3c5c14c0c72021-12-21 12:20:53.693root 11241100x8000000000000000653980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1fa6e990892a822021-12-21 12:20:53.693root 11241100x8000000000000000653981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155260f95f6cd7832021-12-21 12:20:53.693root 11241100x8000000000000000653982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b90b17aa4300fd2021-12-21 12:20:53.693root 11241100x8000000000000000653983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae078747b21a4932021-12-21 12:20:53.693root 11241100x8000000000000000653984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c024c982b615c42021-12-21 12:20:53.693root 11241100x8000000000000000653985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050c76ece37f904c2021-12-21 12:20:53.693root 11241100x8000000000000000653986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b5945028ffe7972021-12-21 12:20:53.693root 11241100x8000000000000000653987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e482ee3b4bfd5c2021-12-21 12:20:53.694root 11241100x8000000000000000653988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafc0efe441710542021-12-21 12:20:53.694root 11241100x8000000000000000653989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9471c150fe8bfa8b2021-12-21 12:20:53.694root 11241100x8000000000000000653990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39a976c4f8a4fa72021-12-21 12:20:53.694root 11241100x8000000000000000653991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac3c4ac1f9b03db2021-12-21 12:20:53.694root 11241100x8000000000000000653992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9855adacc6bf750d2021-12-21 12:20:53.695root 11241100x8000000000000000653993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a876475124000422021-12-21 12:20:53.695root 11241100x8000000000000000653994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6638d0831a5be22021-12-21 12:20:53.695root 11241100x8000000000000000653995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec423cc6eb433a22021-12-21 12:20:53.695root 11241100x8000000000000000653996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8d900439a7a4f52021-12-21 12:20:53.695root 11241100x8000000000000000653997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59afff2e5968b38f2021-12-21 12:20:53.695root 11241100x8000000000000000653998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a89433012e1320f2021-12-21 12:20:53.695root 11241100x8000000000000000653999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0088260c6d86aa5e2021-12-21 12:20:53.696root 11241100x8000000000000000654000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8794c44a7620912021-12-21 12:20:53.696root 11241100x8000000000000000654001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecff0ba66f391682021-12-21 12:20:53.696root 11241100x8000000000000000654002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a62ae096ac04e0b2021-12-21 12:20:53.696root 11241100x8000000000000000654003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497269a19cfe12752021-12-21 12:20:53.696root 11241100x8000000000000000654004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49ba5fd9b335b5d2021-12-21 12:20:53.696root 11241100x8000000000000000654005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352ef6527df2e0be2021-12-21 12:20:53.696root 11241100x8000000000000000654006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9f10b41844d6a22021-12-21 12:20:54.193root 11241100x8000000000000000654007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afc27a9884346db2021-12-21 12:20:54.194root 11241100x8000000000000000654008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc57d9b17a6f2e8f2021-12-21 12:20:54.194root 11241100x8000000000000000654009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e46c1a4755cd15b2021-12-21 12:20:54.194root 11241100x8000000000000000654010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffa3d7e2c2c117b2021-12-21 12:20:54.194root 11241100x8000000000000000654011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf475392b2fe0f92021-12-21 12:20:54.195root 11241100x8000000000000000654012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf046571c1ddf192021-12-21 12:20:54.195root 11241100x8000000000000000654013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0128e1d21aa674db2021-12-21 12:20:54.195root 11241100x8000000000000000654014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3517d1d95960f97b2021-12-21 12:20:54.195root 11241100x8000000000000000654015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6312c67ef90521e22021-12-21 12:20:54.195root 11241100x8000000000000000654016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2658e629439dac12021-12-21 12:20:54.195root 11241100x8000000000000000654017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac76d00d93087bd2021-12-21 12:20:54.195root 11241100x8000000000000000654018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95a4f2ec34e13912021-12-21 12:20:54.196root 11241100x8000000000000000654019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac74d37997805bd42021-12-21 12:20:54.196root 11241100x8000000000000000654020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85055c37e7517a52021-12-21 12:20:54.196root 11241100x8000000000000000654021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fa5509441c70792021-12-21 12:20:54.196root 11241100x8000000000000000654022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fcd8b00903ce5f82021-12-21 12:20:54.196root 11241100x8000000000000000654023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48ac2b2ee7bc84e2021-12-21 12:20:54.196root 11241100x8000000000000000654024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d1010693e3b70a2021-12-21 12:20:54.196root 11241100x8000000000000000654025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825ecd2a207bdc432021-12-21 12:20:54.196root 11241100x8000000000000000654026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8728eaba45377f4e2021-12-21 12:20:54.196root 11241100x8000000000000000654027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc6794d07bca0122021-12-21 12:20:54.197root 11241100x8000000000000000654028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693da46deef584bf2021-12-21 12:20:54.197root 11241100x8000000000000000654029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a106deb5d54d492021-12-21 12:20:54.197root 11241100x8000000000000000654030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352ee1e30da7d9922021-12-21 12:20:54.197root 11241100x8000000000000000654031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36967a84d4dffe62021-12-21 12:20:54.197root 11241100x8000000000000000654032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f593251f507b09202021-12-21 12:20:54.197root 11241100x8000000000000000654033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654f40333c939e772021-12-21 12:20:54.197root 11241100x8000000000000000654034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fac9614ffadeac2021-12-21 12:20:54.692root 11241100x8000000000000000654035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124cbce574780ea62021-12-21 12:20:54.693root 11241100x8000000000000000654036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9245f6f405f1710b2021-12-21 12:20:54.693root 11241100x8000000000000000654037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4362067cf2649332021-12-21 12:20:54.693root 11241100x8000000000000000654038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddda7111c3972742021-12-21 12:20:54.693root 11241100x8000000000000000654039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e489d7af12fafe2021-12-21 12:20:54.694root 11241100x8000000000000000654040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad6aff7d8c8702d2021-12-21 12:20:54.694root 11241100x8000000000000000654041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0a1931e055c3df2021-12-21 12:20:54.694root 11241100x8000000000000000654042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b754abb21cc1d432021-12-21 12:20:54.694root 11241100x8000000000000000654043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1296e53501439ff42021-12-21 12:20:54.694root 11241100x8000000000000000654044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46819944112b49eb2021-12-21 12:20:54.695root 11241100x8000000000000000654045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178604813a2c57442021-12-21 12:20:54.695root 11241100x8000000000000000654046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af1224ec822e3062021-12-21 12:20:54.695root 11241100x8000000000000000654047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c3409f2b3b88502021-12-21 12:20:54.695root 11241100x8000000000000000654048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f6033ce026709b2021-12-21 12:20:54.695root 11241100x8000000000000000654049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b2562a52b42c2c2021-12-21 12:20:54.696root 11241100x8000000000000000654050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be0fcb8c9b218c12021-12-21 12:20:54.696root 11241100x8000000000000000654051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e450839bc6c2f9792021-12-21 12:20:54.696root 11241100x8000000000000000654052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad0d6eb971f68522021-12-21 12:20:54.696root 11241100x8000000000000000654053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9194e866473b81d92021-12-21 12:20:54.696root 11241100x8000000000000000654054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf40ec9d17aadb82021-12-21 12:20:54.696root 11241100x8000000000000000654055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d374515ce7344ea2021-12-21 12:20:54.696root 11241100x8000000000000000654056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd48845c223d98232021-12-21 12:20:54.697root 11241100x8000000000000000654057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b0363d39e7232a2021-12-21 12:20:54.697root 11241100x8000000000000000654058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e5b1f038d294fc2021-12-21 12:20:54.697root 11241100x8000000000000000654059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13f8d7bbdd0738a2021-12-21 12:20:54.697root 11241100x8000000000000000654060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aabdcf64e37fc2f2021-12-21 12:20:54.697root 11241100x8000000000000000654061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedec21a11d1e6f52021-12-21 12:20:54.697root 11241100x8000000000000000654062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfdfa4149e179a32021-12-21 12:20:54.698root 11241100x8000000000000000654063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266cba93ec77e0032021-12-21 12:20:54.698root 11241100x8000000000000000654064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2031ad1c70c09da52021-12-21 12:20:54.698root 11241100x8000000000000000654065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c68e7a61dd5a942021-12-21 12:20:54.698root 11241100x8000000000000000654066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935411f2ebd321d42021-12-21 12:20:55.194root 11241100x8000000000000000654067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ef377b0c83aaa52021-12-21 12:20:55.194root 11241100x8000000000000000654068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b0ce8207e8a85f2021-12-21 12:20:55.194root 11241100x8000000000000000654069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa3d041b8af353e2021-12-21 12:20:55.194root 11241100x8000000000000000654070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d584f1a5f7f1b4202021-12-21 12:20:55.194root 11241100x8000000000000000654071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29457a25e1892dca2021-12-21 12:20:55.194root 11241100x8000000000000000654072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bafa464f3825882021-12-21 12:20:55.194root 11241100x8000000000000000654073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de38aa8d1c68efe32021-12-21 12:20:55.194root 11241100x8000000000000000654074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5862183b820e1ede2021-12-21 12:20:55.194root 11241100x8000000000000000654075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce335f7f49420fe2021-12-21 12:20:55.194root 11241100x8000000000000000654076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbd2ebaf708acab2021-12-21 12:20:55.195root 11241100x8000000000000000654077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0575e1aadb48bdbc2021-12-21 12:20:55.195root 11241100x8000000000000000654078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bae3650e92dbba2021-12-21 12:20:55.195root 11241100x8000000000000000654079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8384194a53a353da2021-12-21 12:20:55.195root 11241100x8000000000000000654080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b912cd65fa23031d2021-12-21 12:20:55.195root 11241100x8000000000000000654081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6643af196498f3672021-12-21 12:20:55.195root 11241100x8000000000000000654082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7c265730dd317a2021-12-21 12:20:55.195root 11241100x8000000000000000654083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0d1c7000eea0fa2021-12-21 12:20:55.195root 11241100x8000000000000000654084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4920ca5efb5e1a2021-12-21 12:20:55.195root 11241100x8000000000000000654085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f852c2413bf78a32021-12-21 12:20:55.196root 11241100x8000000000000000654086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fef116c34124f72021-12-21 12:20:55.196root 11241100x8000000000000000654087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6739fd497442992021-12-21 12:20:55.196root 11241100x8000000000000000654088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aca313812b033642021-12-21 12:20:55.196root 11241100x8000000000000000654089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3efd244dcbdc0872021-12-21 12:20:55.196root 11241100x8000000000000000654090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eaf9a664e65afff2021-12-21 12:20:55.197root 11241100x8000000000000000654091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5855ba15a4e62872021-12-21 12:20:55.197root 11241100x8000000000000000654092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0edd3c844997ea2021-12-21 12:20:55.197root 11241100x8000000000000000654093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f872a1dd2ef1902021-12-21 12:20:55.197root 11241100x8000000000000000654094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f2e774a81361b52021-12-21 12:20:55.694root 11241100x8000000000000000654095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69687e27cec29f5e2021-12-21 12:20:55.694root 11241100x8000000000000000654096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b615c7d4e4f14d2021-12-21 12:20:55.694root 11241100x8000000000000000654097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f2e8412b4bbc182021-12-21 12:20:55.694root 11241100x8000000000000000654098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79734dc9fd7246b2021-12-21 12:20:55.695root 11241100x8000000000000000654099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4b28c73965e0de2021-12-21 12:20:55.695root 11241100x8000000000000000654100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c700982cd482a75c2021-12-21 12:20:55.695root 11241100x8000000000000000654101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b795b44e3533d42021-12-21 12:20:55.695root 11241100x8000000000000000654102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c630bfe422be32f72021-12-21 12:20:55.695root 11241100x8000000000000000654103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878c883ca745cab92021-12-21 12:20:55.695root 11241100x8000000000000000654104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67adb6a4ebec85022021-12-21 12:20:55.695root 11241100x8000000000000000654105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d56f3702e699132021-12-21 12:20:55.695root 11241100x8000000000000000654106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6690862a722602cb2021-12-21 12:20:55.696root 11241100x8000000000000000654107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d38ffefac47eae12021-12-21 12:20:55.696root 11241100x8000000000000000654108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eec3956e3fb8682021-12-21 12:20:55.696root 11241100x8000000000000000654109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9331b8badc79b39e2021-12-21 12:20:55.696root 11241100x8000000000000000654110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4b601304980f222021-12-21 12:20:55.696root 11241100x8000000000000000654111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4a2f886c111da62021-12-21 12:20:55.696root 11241100x8000000000000000654112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45aa0da90ac972362021-12-21 12:20:55.696root 11241100x8000000000000000654113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d14e839e607d5b32021-12-21 12:20:55.696root 11241100x8000000000000000654114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3464d4146809ae42021-12-21 12:20:55.697root 11241100x8000000000000000654115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbef4e8042ecd1892021-12-21 12:20:55.697root 11241100x8000000000000000654116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc09a70a2c04a752021-12-21 12:20:55.697root 11241100x8000000000000000654117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189c8e501b33963f2021-12-21 12:20:55.697root 11241100x8000000000000000654118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8af90b8de4e8f312021-12-21 12:20:55.697root 11241100x8000000000000000654119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00200c04018536042021-12-21 12:20:55.697root 11241100x8000000000000000654120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fffea713f324d62021-12-21 12:20:55.697root 11241100x8000000000000000654121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8389f0c651beff1e2021-12-21 12:20:55.697root 11241100x8000000000000000654122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670f4a4dca2027802021-12-21 12:20:56.194root 11241100x8000000000000000654123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b519aea2705e312021-12-21 12:20:56.194root 11241100x8000000000000000654124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6494a6fb3cd09b2021-12-21 12:20:56.194root 11241100x8000000000000000654125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9671ea03dd3ddb52021-12-21 12:20:56.194root 11241100x8000000000000000654126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463486816cb467882021-12-21 12:20:56.194root 11241100x8000000000000000654127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea5f00c01984aa32021-12-21 12:20:56.194root 11241100x8000000000000000654128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b828636f6b61a862021-12-21 12:20:56.194root 11241100x8000000000000000654129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c78979fc44987182021-12-21 12:20:56.194root 11241100x8000000000000000654130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b1953d51ea013d2021-12-21 12:20:56.194root 11241100x8000000000000000654131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5d91dfc01661702021-12-21 12:20:56.194root 11241100x8000000000000000654132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05e65a4b909d7fc2021-12-21 12:20:56.194root 11241100x8000000000000000654133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e4e5b8dbf529782021-12-21 12:20:56.194root 11241100x8000000000000000654134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56edbb7af65438d2021-12-21 12:20:56.194root 11241100x8000000000000000654135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f8d2cfe5db247c2021-12-21 12:20:56.195root 11241100x8000000000000000654136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be07b777bd8fcc32021-12-21 12:20:56.195root 11241100x8000000000000000654137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c96887e986c01032021-12-21 12:20:56.195root 11241100x8000000000000000654138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5105cf17f8ccda282021-12-21 12:20:56.195root 11241100x8000000000000000654139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefb2c36fd4e83b72021-12-21 12:20:56.195root 11241100x8000000000000000654140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7354712e30c9f63b2021-12-21 12:20:56.195root 11241100x8000000000000000654141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e3e6be6de5bf0e2021-12-21 12:20:56.195root 11241100x8000000000000000654142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0fb01921a798f52021-12-21 12:20:56.195root 11241100x8000000000000000654143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ca87ad16de360a2021-12-21 12:20:56.195root 11241100x8000000000000000654144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd627205a06204c2021-12-21 12:20:56.195root 11241100x8000000000000000654145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef800bae2e141222021-12-21 12:20:56.195root 11241100x8000000000000000654146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10641913b887f3532021-12-21 12:20:56.195root 11241100x8000000000000000654147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f7cf6d06745f6d2021-12-21 12:20:56.195root 11241100x8000000000000000654148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363a230f186005db2021-12-21 12:20:56.195root 11241100x8000000000000000654149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ffd154b9fa5cb22021-12-21 12:20:56.196root 11241100x8000000000000000654150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6bb6bf66e854ad2021-12-21 12:20:56.694root 11241100x8000000000000000654151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4a23f1358b3dac2021-12-21 12:20:56.694root 11241100x8000000000000000654152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a4f66d648873eb2021-12-21 12:20:56.694root 11241100x8000000000000000654153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879519d746dd62182021-12-21 12:20:56.694root 11241100x8000000000000000654154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ccb90f28dadedb2021-12-21 12:20:56.694root 11241100x8000000000000000654155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56480adb314e6c422021-12-21 12:20:56.694root 11241100x8000000000000000654156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35b392a7a117ca72021-12-21 12:20:56.694root 11241100x8000000000000000654157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f1f0aebfbc054a2021-12-21 12:20:56.694root 11241100x8000000000000000654158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cc9ab6945df3db2021-12-21 12:20:56.694root 11241100x8000000000000000654159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34008170cad547fd2021-12-21 12:20:56.694root 11241100x8000000000000000654160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f5affb45178cd02021-12-21 12:20:56.694root 11241100x8000000000000000654161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2970a4229b75c02021-12-21 12:20:56.694root 11241100x8000000000000000654162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ece7b42dd493232021-12-21 12:20:56.694root 11241100x8000000000000000654163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0906531e81a6a0f42021-12-21 12:20:56.694root 11241100x8000000000000000654164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb95f13db4a2c18f2021-12-21 12:20:56.695root 11241100x8000000000000000654165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984890649a630c562021-12-21 12:20:56.695root 11241100x8000000000000000654166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25ec5e376948b2e2021-12-21 12:20:56.695root 11241100x8000000000000000654167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f469838b2bca51fa2021-12-21 12:20:56.695root 11241100x8000000000000000654168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51572da98dc57e002021-12-21 12:20:56.695root 11241100x8000000000000000654169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05951157c7704f32021-12-21 12:20:56.695root 11241100x8000000000000000654170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4e8c6bc0ba2cd02021-12-21 12:20:56.695root 11241100x8000000000000000654171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0588e70dacfee9c92021-12-21 12:20:56.695root 11241100x8000000000000000654172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e058d522d08f9132021-12-21 12:20:56.695root 11241100x8000000000000000654173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650c3154ba5fd1fe2021-12-21 12:20:56.695root 11241100x8000000000000000654174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9964c0aca82cbe42021-12-21 12:20:56.695root 11241100x8000000000000000654175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4374c43150ce372021-12-21 12:20:56.695root 11241100x8000000000000000654176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b86888b70b2d96e2021-12-21 12:20:56.695root 11241100x8000000000000000654177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410bc99943bf6c232021-12-21 12:20:56.695root 11241100x8000000000000000654178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbaf8d3a83f07422021-12-21 12:20:57.194root 11241100x8000000000000000654179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d855659c071459512021-12-21 12:20:57.194root 11241100x8000000000000000654180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8968ca6175e0c5532021-12-21 12:20:57.194root 11241100x8000000000000000654181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de76c46c3b666ef82021-12-21 12:20:57.194root 11241100x8000000000000000654182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89afb6dff8a9b5712021-12-21 12:20:57.194root 11241100x8000000000000000654183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a834f6803c45e72021-12-21 12:20:57.194root 11241100x8000000000000000654184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21141361d5468ceb2021-12-21 12:20:57.194root 11241100x8000000000000000654185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be257251eef4c5ff2021-12-21 12:20:57.194root 11241100x8000000000000000654186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550d90765b756dc92021-12-21 12:20:57.194root 11241100x8000000000000000654187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d16520b23549302021-12-21 12:20:57.195root 11241100x8000000000000000654188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c9d173242ab5fc2021-12-21 12:20:57.195root 11241100x8000000000000000654189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7698d2b12a4d43072021-12-21 12:20:57.195root 11241100x8000000000000000654190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63c32ed4c85333c2021-12-21 12:20:57.195root 11241100x8000000000000000654191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bb73fbec2be0182021-12-21 12:20:57.195root 11241100x8000000000000000654192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09afe691ade8ad1e2021-12-21 12:20:57.195root 11241100x8000000000000000654193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c7dacda8b930c12021-12-21 12:20:57.195root 11241100x8000000000000000654194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facfc0f4c00689542021-12-21 12:20:57.195root 11241100x8000000000000000654195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacc894576ab398b2021-12-21 12:20:57.195root 11241100x8000000000000000654196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d78ea1083bfd0b12021-12-21 12:20:57.195root 11241100x8000000000000000654197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdb1e95965093642021-12-21 12:20:57.195root 11241100x8000000000000000654198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509bbbf3f513fbaf2021-12-21 12:20:57.195root 11241100x8000000000000000654199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1955db2f3ae2d4782021-12-21 12:20:57.195root 11241100x8000000000000000654200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30332ba2fc2bec52021-12-21 12:20:57.195root 11241100x8000000000000000654201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66c01bc51510e0b2021-12-21 12:20:57.196root 11241100x8000000000000000654202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1153995df49009172021-12-21 12:20:57.196root 11241100x8000000000000000654203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52a8f21b227b3e92021-12-21 12:20:57.196root 11241100x8000000000000000654204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c76f1c1ebb8a9ea2021-12-21 12:20:57.196root 11241100x8000000000000000654205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311b4ca86ee295542021-12-21 12:20:57.196root 11241100x8000000000000000654206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3077f63f25196d92021-12-21 12:20:57.694root 11241100x8000000000000000654207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aeff0482e03c4d52021-12-21 12:20:57.694root 11241100x8000000000000000654208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b69933a6d66cc472021-12-21 12:20:57.694root 11241100x8000000000000000654209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7896eeb18acd502021-12-21 12:20:57.694root 11241100x8000000000000000654210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6324262d83223602021-12-21 12:20:57.694root 11241100x8000000000000000654211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac09c6af8e874dd2021-12-21 12:20:57.694root 11241100x8000000000000000654212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80b43d4a2a8d1a82021-12-21 12:20:57.694root 11241100x8000000000000000654213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1fb9ac3bf2939b2021-12-21 12:20:57.694root 11241100x8000000000000000654214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb642317dc66f472021-12-21 12:20:57.694root 11241100x8000000000000000654215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fa7557fbf328cf2021-12-21 12:20:57.695root 11241100x8000000000000000654216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a157981cd0046dfa2021-12-21 12:20:57.695root 11241100x8000000000000000654217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eec7afdf0df36bc2021-12-21 12:20:57.695root 11241100x8000000000000000654218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f0e4120a9935042021-12-21 12:20:57.695root 11241100x8000000000000000654219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a2291db75ca2e72021-12-21 12:20:57.695root 11241100x8000000000000000654220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b621ca8c01ad812021-12-21 12:20:57.695root 11241100x8000000000000000654221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef5139d1682de452021-12-21 12:20:57.695root 11241100x8000000000000000654222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6e59e2723c11012021-12-21 12:20:57.695root 11241100x8000000000000000654223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267b20f2d37ea1872021-12-21 12:20:57.695root 11241100x8000000000000000654224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0da2a8b8b1fd5a62021-12-21 12:20:57.695root 11241100x8000000000000000654225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f1d90dbb3812952021-12-21 12:20:57.695root 11241100x8000000000000000654226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a148f3e88805d22021-12-21 12:20:57.696root 11241100x8000000000000000654227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342e2ebe52bf5b442021-12-21 12:20:57.696root 11241100x8000000000000000654228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81776ea2d5da68822021-12-21 12:20:57.696root 11241100x8000000000000000654229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511f064346250cb72021-12-21 12:20:57.696root 11241100x8000000000000000654230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e256116789515d0d2021-12-21 12:20:57.696root 11241100x8000000000000000654231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9d2b0b30342abd2021-12-21 12:20:57.696root 11241100x8000000000000000654232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2187661a521994db2021-12-21 12:20:57.696root 11241100x8000000000000000654233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc9615a6ef62a082021-12-21 12:20:57.696root 11241100x8000000000000000654234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95199782fb2eec8c2021-12-21 12:20:58.194root 11241100x8000000000000000654235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc7c8fb62c503da2021-12-21 12:20:58.194root 11241100x8000000000000000654236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fde97f13983fcb2021-12-21 12:20:58.194root 11241100x8000000000000000654237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60006f7f4cd094042021-12-21 12:20:58.194root 11241100x8000000000000000654238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7a14dae671ceec2021-12-21 12:20:58.194root 11241100x8000000000000000654239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e18039e013453762021-12-21 12:20:58.194root 11241100x8000000000000000654240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82208c1130d32b402021-12-21 12:20:58.194root 11241100x8000000000000000654241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e90abd15e6faa9a2021-12-21 12:20:58.194root 11241100x8000000000000000654242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110f784afd3b0ff42021-12-21 12:20:58.194root 11241100x8000000000000000654243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1910c29733494b422021-12-21 12:20:58.194root 11241100x8000000000000000654244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1e817a8d34ae5d2021-12-21 12:20:58.194root 11241100x8000000000000000654245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff3dc4bb375aa2a2021-12-21 12:20:58.194root 11241100x8000000000000000654246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe8ec4ba6cc02402021-12-21 12:20:58.194root 11241100x8000000000000000654247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c1ba3f9ca0c8f92021-12-21 12:20:58.194root 11241100x8000000000000000654248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c96422c468f9092021-12-21 12:20:58.195root 11241100x8000000000000000654249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74032ded9b631282021-12-21 12:20:58.195root 11241100x8000000000000000654250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93a7c66806ef58c2021-12-21 12:20:58.195root 11241100x8000000000000000654251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d28850fb88dafc2021-12-21 12:20:58.195root 11241100x8000000000000000654252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86113481dc46b45f2021-12-21 12:20:58.195root 11241100x8000000000000000654253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9465778569a06b022021-12-21 12:20:58.195root 11241100x8000000000000000654254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2199c30412eee22021-12-21 12:20:58.195root 11241100x8000000000000000654255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cbac599ff6d8102021-12-21 12:20:58.195root 11241100x8000000000000000654256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a737166bf97aa3b2021-12-21 12:20:58.195root 11241100x8000000000000000654257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee323cf97237b6b2021-12-21 12:20:58.195root 11241100x8000000000000000654258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1016c52ed38584452021-12-21 12:20:58.195root 11241100x8000000000000000654259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9973ce2d4d22182021-12-21 12:20:58.195root 11241100x8000000000000000654260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b004349a96bd2102021-12-21 12:20:58.196root 11241100x8000000000000000654261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6331b333cb7df1662021-12-21 12:20:58.196root 354300x8000000000000000654262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.227{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49858-false10.0.1.12-8000- 11241100x8000000000000000654263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e6c7b04901a0c22021-12-21 12:20:58.694root 11241100x8000000000000000654264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3dc2632da5ba192021-12-21 12:20:58.694root 11241100x8000000000000000654265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7edb6868d0026332021-12-21 12:20:58.694root 11241100x8000000000000000654266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d453c46e0f74ed2021-12-21 12:20:58.694root 11241100x8000000000000000654267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cf03cd4488ede92021-12-21 12:20:58.694root 11241100x8000000000000000654268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462848f677500af52021-12-21 12:20:58.694root 11241100x8000000000000000654269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5070a492055e54df2021-12-21 12:20:58.694root 11241100x8000000000000000654270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f623802bcd73240e2021-12-21 12:20:58.694root 11241100x8000000000000000654271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d31a75581a93fd2021-12-21 12:20:58.694root 11241100x8000000000000000654272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a61d0265a27c5b2021-12-21 12:20:58.695root 11241100x8000000000000000654273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3542dbe71419ef2021-12-21 12:20:58.695root 11241100x8000000000000000654274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e89592df5fe12a2021-12-21 12:20:58.695root 11241100x8000000000000000654275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538f5981d26df6692021-12-21 12:20:58.695root 11241100x8000000000000000654276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c3a05fb0f34eaf2021-12-21 12:20:58.695root 11241100x8000000000000000654277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a10fb4cfb933faf2021-12-21 12:20:58.695root 11241100x8000000000000000654278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce61ce4e678127592021-12-21 12:20:58.695root 11241100x8000000000000000654279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4640dd0af05e932021-12-21 12:20:58.695root 11241100x8000000000000000654280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd4173d5425c8822021-12-21 12:20:58.696root 11241100x8000000000000000654281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe4274a9f9187902021-12-21 12:20:58.696root 11241100x8000000000000000654282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cb79fc717d0dd92021-12-21 12:20:58.696root 11241100x8000000000000000654283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18ee7e4692713832021-12-21 12:20:58.696root 11241100x8000000000000000654284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88e9f901b4826c52021-12-21 12:20:58.697root 11241100x8000000000000000654285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65210282cdc6ac592021-12-21 12:20:58.697root 11241100x8000000000000000654286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d96629aa2272d12021-12-21 12:20:58.697root 11241100x8000000000000000654287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509306e690e01ceb2021-12-21 12:20:58.697root 11241100x8000000000000000654288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893cb80d99de213b2021-12-21 12:20:58.697root 11241100x8000000000000000654289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b72d921220e1e82021-12-21 12:20:58.697root 11241100x8000000000000000654290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8f29a02507244e2021-12-21 12:20:58.697root 11241100x8000000000000000654291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef929bf6548003992021-12-21 12:20:58.697root 11241100x8000000000000000654292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbe0b9ce8b6c5472021-12-21 12:20:59.194root 11241100x8000000000000000654293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d5bbafb659f2032021-12-21 12:20:59.194root 11241100x8000000000000000654294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f073184525c5e0b2021-12-21 12:20:59.194root 11241100x8000000000000000654295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b06fc0103023b12021-12-21 12:20:59.194root 11241100x8000000000000000654296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d573af57841358762021-12-21 12:20:59.194root 11241100x8000000000000000654297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f24ac70b73872d62021-12-21 12:20:59.194root 11241100x8000000000000000654298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6842becced675e6f2021-12-21 12:20:59.194root 11241100x8000000000000000654299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae58403306121c5f2021-12-21 12:20:59.194root 11241100x8000000000000000654300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c3250605c5768d2021-12-21 12:20:59.194root 11241100x8000000000000000654301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae086607be791452021-12-21 12:20:59.195root 11241100x8000000000000000654302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a969d3a0093ad6b72021-12-21 12:20:59.195root 11241100x8000000000000000654303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f67f75e88439ee2021-12-21 12:20:59.195root 11241100x8000000000000000654304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa3a5aa939d038e2021-12-21 12:20:59.195root 11241100x8000000000000000654305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375e8e53909f46ef2021-12-21 12:20:59.195root 11241100x8000000000000000654306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfabec3c81fd02a2021-12-21 12:20:59.195root 11241100x8000000000000000654307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb765b65e2bc5e72021-12-21 12:20:59.195root 11241100x8000000000000000654308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223ee15fa900fecf2021-12-21 12:20:59.195root 11241100x8000000000000000654309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41437682a71190a72021-12-21 12:20:59.195root 11241100x8000000000000000654310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e387866b13934d2021-12-21 12:20:59.195root 11241100x8000000000000000654311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc932ba192065e32021-12-21 12:20:59.196root 11241100x8000000000000000654312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf25e50145ab90502021-12-21 12:20:59.196root 11241100x8000000000000000654313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff1ebff4bf660c42021-12-21 12:20:59.196root 11241100x8000000000000000654314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c003d9f99f863b552021-12-21 12:20:59.196root 11241100x8000000000000000654315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca0a153184cfc702021-12-21 12:20:59.196root 11241100x8000000000000000654316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b32bc4e6ca45102021-12-21 12:20:59.196root 11241100x8000000000000000654317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee3edb90219f5422021-12-21 12:20:59.197root 11241100x8000000000000000654318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1310f80ee66a6962021-12-21 12:20:59.197root 11241100x8000000000000000654319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c39d69e7049a6c2021-12-21 12:20:59.197root 11241100x8000000000000000654320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12039ac2221c64822021-12-21 12:20:59.197root 11241100x8000000000000000654321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52df85b270bf50962021-12-21 12:20:59.694root 11241100x8000000000000000654322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08381a86ed677fb2021-12-21 12:20:59.694root 11241100x8000000000000000654323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373f1bb22c08cc192021-12-21 12:20:59.694root 11241100x8000000000000000654324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33530cfbdc0130142021-12-21 12:20:59.694root 11241100x8000000000000000654325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23429e20e08179c92021-12-21 12:20:59.694root 11241100x8000000000000000654326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1f7220bdd9f2392021-12-21 12:20:59.694root 11241100x8000000000000000654327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c07d36a8c7519e42021-12-21 12:20:59.694root 11241100x8000000000000000654328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cc75d0480867ba2021-12-21 12:20:59.694root 11241100x8000000000000000654329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46303f873646e6c2021-12-21 12:20:59.694root 11241100x8000000000000000654330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94aee391e08a807b2021-12-21 12:20:59.694root 11241100x8000000000000000654331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5ffc2c4d0be0612021-12-21 12:20:59.695root 11241100x8000000000000000654332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47f61c88a50bd1d2021-12-21 12:20:59.695root 11241100x8000000000000000654333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c874a2ca683e1ed2021-12-21 12:20:59.695root 11241100x8000000000000000654334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127d7a14983c073f2021-12-21 12:20:59.695root 11241100x8000000000000000654335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0622a8fff4f15bcf2021-12-21 12:20:59.695root 11241100x8000000000000000654336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976b3aadeb862a3b2021-12-21 12:20:59.695root 11241100x8000000000000000654337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603f99fe3e4a605f2021-12-21 12:20:59.695root 11241100x8000000000000000654338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b0f1bff77911ec2021-12-21 12:20:59.695root 11241100x8000000000000000654339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e3c067797896872021-12-21 12:20:59.695root 11241100x8000000000000000654340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4482cd58c422c0da2021-12-21 12:20:59.695root 11241100x8000000000000000654341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de3c028c3760b402021-12-21 12:20:59.696root 11241100x8000000000000000654342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e82f50deb0d6fc2021-12-21 12:20:59.696root 11241100x8000000000000000654343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52aecc2781e8369b2021-12-21 12:20:59.696root 11241100x8000000000000000654344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56246c432c5397b62021-12-21 12:20:59.696root 11241100x8000000000000000654345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5aef63c8136dad2021-12-21 12:20:59.696root 11241100x8000000000000000654346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6dd97ec34c687b2021-12-21 12:20:59.696root 11241100x8000000000000000654347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cbbf1bf48a22422021-12-21 12:20:59.697root 11241100x8000000000000000654348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f7d04b8fe4dd5c2021-12-21 12:20:59.697root 11241100x8000000000000000654349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0dd84bba711c272021-12-21 12:20:59.697root 11241100x8000000000000000654350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac986bb69f9c97792021-12-21 12:21:00.194root 11241100x8000000000000000654351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977e63646828cbbb2021-12-21 12:21:00.194root 11241100x8000000000000000654352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db117b8e8d92d9d2021-12-21 12:21:00.194root 11241100x8000000000000000654353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92545ff1cb8c40662021-12-21 12:21:00.194root 11241100x8000000000000000654354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc5000023f49cc72021-12-21 12:21:00.194root 11241100x8000000000000000654355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03db7645249fb9ad2021-12-21 12:21:00.194root 11241100x8000000000000000654356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343d90afded9b2652021-12-21 12:21:00.194root 11241100x8000000000000000654357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e365e1b714811ea2021-12-21 12:21:00.194root 11241100x8000000000000000654358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defb2c4bbfb5c7ff2021-12-21 12:21:00.194root 11241100x8000000000000000654359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d6330b42ac78bb2021-12-21 12:21:00.195root 11241100x8000000000000000654360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f8827445cdef2b2021-12-21 12:21:00.195root 11241100x8000000000000000654361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace7ebfd5ca6c35a2021-12-21 12:21:00.195root 11241100x8000000000000000654362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb4148e943f5ba82021-12-21 12:21:00.195root 11241100x8000000000000000654363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572f820374c4c8182021-12-21 12:21:00.195root 11241100x8000000000000000654364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a330bc6f978beb7c2021-12-21 12:21:00.196root 11241100x8000000000000000654365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939f8e3f4448e7b32021-12-21 12:21:00.196root 11241100x8000000000000000654366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169b7b3ecd3eb34d2021-12-21 12:21:00.196root 11241100x8000000000000000654367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa965ebf20d37f3a2021-12-21 12:21:00.196root 11241100x8000000000000000654368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac4fd9a2ccf70a82021-12-21 12:21:00.196root 11241100x8000000000000000654369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ebea149b7d67ea2021-12-21 12:21:00.196root 11241100x8000000000000000654370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8684a1253057fe902021-12-21 12:21:00.197root 11241100x8000000000000000654371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2301a91f12777d7f2021-12-21 12:21:00.197root 11241100x8000000000000000654372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de38d5e52294c02f2021-12-21 12:21:00.197root 11241100x8000000000000000654373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f4a9dd5e622fad2021-12-21 12:21:00.197root 11241100x8000000000000000654374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d7afb5b62ff4232021-12-21 12:21:00.197root 11241100x8000000000000000654375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173af883258677342021-12-21 12:21:00.201root 11241100x8000000000000000654376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4f12dc9776c7fd2021-12-21 12:21:00.201root 11241100x8000000000000000654377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9803239df3074442021-12-21 12:21:00.201root 11241100x8000000000000000654378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff551c1bcd3ad262021-12-21 12:21:00.201root 11241100x8000000000000000654379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a21e960019332a2021-12-21 12:21:00.694root 11241100x8000000000000000654380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786adfe2da42b4c22021-12-21 12:21:00.694root 11241100x8000000000000000654381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406023d02b48bbd62021-12-21 12:21:00.694root 11241100x8000000000000000654382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff6590cb00fed1d2021-12-21 12:21:00.694root 11241100x8000000000000000654383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc1db1ea95c5ed12021-12-21 12:21:00.694root 11241100x8000000000000000654384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7122dd006fcf28e2021-12-21 12:21:00.694root 11241100x8000000000000000654385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0bcdd6407fea892021-12-21 12:21:00.694root 11241100x8000000000000000654386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37eaad211c3a56ba2021-12-21 12:21:00.694root 11241100x8000000000000000654387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db06d7543b3a3442021-12-21 12:21:00.694root 11241100x8000000000000000654388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885aa010d02444af2021-12-21 12:21:00.694root 11241100x8000000000000000654389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822e790cc946f7612021-12-21 12:21:00.694root 11241100x8000000000000000654390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb194667374497d32021-12-21 12:21:00.695root 11241100x8000000000000000654391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61092a01833507582021-12-21 12:21:00.695root 11241100x8000000000000000654392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe81e620be72b8c22021-12-21 12:21:00.695root 11241100x8000000000000000654393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dc1959f1aca3f92021-12-21 12:21:00.695root 11241100x8000000000000000654394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4331b0cbd8b51b002021-12-21 12:21:00.695root 11241100x8000000000000000654395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d03d698eb5bdde72021-12-21 12:21:00.695root 11241100x8000000000000000654396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3beba8bab6d7d0b62021-12-21 12:21:00.695root 11241100x8000000000000000654397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70371bfcdc960dc2021-12-21 12:21:00.695root 11241100x8000000000000000654398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1512ae191d25032c2021-12-21 12:21:00.695root 11241100x8000000000000000654399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a677de06b8a40d152021-12-21 12:21:00.696root 11241100x8000000000000000654400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf44c47e0b57fe522021-12-21 12:21:00.696root 11241100x8000000000000000654401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ba6af1c35cf63d2021-12-21 12:21:00.696root 11241100x8000000000000000654402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bf87882ccfef212021-12-21 12:21:00.696root 11241100x8000000000000000654403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478f0e80d0277db92021-12-21 12:21:00.696root 11241100x8000000000000000654404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88da1c64331ab6102021-12-21 12:21:00.696root 11241100x8000000000000000654405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d064ce7d4f327a9f2021-12-21 12:21:00.696root 11241100x8000000000000000654406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b1c7f35e668d482021-12-21 12:21:00.696root 11241100x8000000000000000654407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92208582391dead12021-12-21 12:21:00.696root 11241100x8000000000000000654408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f905bf4682dbd12021-12-21 12:21:01.194root 11241100x8000000000000000654409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5143eac03bed5f2021-12-21 12:21:01.194root 11241100x8000000000000000654410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c5ec18b729f97f2021-12-21 12:21:01.194root 11241100x8000000000000000654411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad1ec48e92a85f72021-12-21 12:21:01.194root 11241100x8000000000000000654412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74893f5003e565852021-12-21 12:21:01.194root 11241100x8000000000000000654413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf863d177d973be2021-12-21 12:21:01.194root 11241100x8000000000000000654414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41b2873dccc9e8b2021-12-21 12:21:01.194root 11241100x8000000000000000654415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa5a88f4d9492452021-12-21 12:21:01.194root 11241100x8000000000000000654416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f011074ef7cd9d4f2021-12-21 12:21:01.194root 11241100x8000000000000000654417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf3eb95240d3b142021-12-21 12:21:01.194root 11241100x8000000000000000654418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2229b33fa8adcbe02021-12-21 12:21:01.194root 11241100x8000000000000000654419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a964006e6b2e6392021-12-21 12:21:01.195root 11241100x8000000000000000654420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861aad1c0bbb193e2021-12-21 12:21:01.195root 11241100x8000000000000000654421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f875053fbc8b93282021-12-21 12:21:01.195root 11241100x8000000000000000654422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a795e74e694769192021-12-21 12:21:01.195root 11241100x8000000000000000654423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c160614924cc5782021-12-21 12:21:01.195root 11241100x8000000000000000654424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884614ab651b9b732021-12-21 12:21:01.195root 11241100x8000000000000000654425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028d092b09bf14442021-12-21 12:21:01.195root 11241100x8000000000000000654426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062d6e2e882793872021-12-21 12:21:01.195root 11241100x8000000000000000654427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66e85552f7e809a2021-12-21 12:21:01.195root 11241100x8000000000000000654428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbb4c209f756fbe2021-12-21 12:21:01.195root 11241100x8000000000000000654429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f3b2652e542d652021-12-21 12:21:01.196root 11241100x8000000000000000654430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301182ea2570f6c92021-12-21 12:21:01.196root 11241100x8000000000000000654431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4838e1e5e485708e2021-12-21 12:21:01.196root 11241100x8000000000000000654432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38b93734bb297f02021-12-21 12:21:01.196root 11241100x8000000000000000654433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26cd186a4500d4d2021-12-21 12:21:01.196root 11241100x8000000000000000654434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66a48d4d2cd7e502021-12-21 12:21:01.196root 11241100x8000000000000000654435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0beda0bfc224070c2021-12-21 12:21:01.196root 11241100x8000000000000000654436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f500313122e7ef52021-12-21 12:21:01.196root 11241100x8000000000000000654437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571236fd4e3d88c52021-12-21 12:21:01.694root 11241100x8000000000000000654438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a7cf7bd6099b212021-12-21 12:21:01.694root 11241100x8000000000000000654439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755fd3f24db733752021-12-21 12:21:01.694root 11241100x8000000000000000654440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e7c237d7e34a792021-12-21 12:21:01.694root 11241100x8000000000000000654441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cc4be160caf16f2021-12-21 12:21:01.694root 11241100x8000000000000000654442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0487ea53cf14ffe2021-12-21 12:21:01.694root 11241100x8000000000000000654443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5c923ecd84f4202021-12-21 12:21:01.694root 11241100x8000000000000000654444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d609755d627ab12021-12-21 12:21:01.694root 11241100x8000000000000000654445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814c7fea546c5d042021-12-21 12:21:01.694root 11241100x8000000000000000654446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444f06cb9bc087f92021-12-21 12:21:01.695root 11241100x8000000000000000654447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce477872168516b2021-12-21 12:21:01.695root 11241100x8000000000000000654448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda36f0c9948dd1a2021-12-21 12:21:01.695root 11241100x8000000000000000654449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1157ad3cd54e00192021-12-21 12:21:01.695root 11241100x8000000000000000654450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2d7557a93a06622021-12-21 12:21:01.695root 11241100x8000000000000000654451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b7733af71092e02021-12-21 12:21:01.695root 11241100x8000000000000000654452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0610334b0d8ba5dd2021-12-21 12:21:01.695root 11241100x8000000000000000654453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004deba01073419a2021-12-21 12:21:01.696root 11241100x8000000000000000654454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b39d3de9b7b2f82021-12-21 12:21:01.696root 11241100x8000000000000000654455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a626cde4e98bf8cf2021-12-21 12:21:01.696root 11241100x8000000000000000654456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1617cda0cc732a22021-12-21 12:21:01.696root 11241100x8000000000000000654457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df16c4d8a391d9372021-12-21 12:21:01.696root 11241100x8000000000000000654458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92503ccbee42e1d2021-12-21 12:21:01.696root 11241100x8000000000000000654459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22019e5574b52702021-12-21 12:21:01.697root 11241100x8000000000000000654460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9579d2d950afc0b82021-12-21 12:21:01.697root 11241100x8000000000000000654461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae3e8a11efa09b92021-12-21 12:21:01.697root 11241100x8000000000000000654462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b41ef555d8dc752021-12-21 12:21:01.697root 11241100x8000000000000000654463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bfe16230d257bf2021-12-21 12:21:01.697root 11241100x8000000000000000654464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec91c34c3b44aa62021-12-21 12:21:01.698root 11241100x8000000000000000654465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844202a36caf2e6a2021-12-21 12:21:01.698root 11241100x8000000000000000654466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70719f320159f2cd2021-12-21 12:21:02.194root 11241100x8000000000000000654467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6271dfd682e5492021-12-21 12:21:02.194root 11241100x8000000000000000654468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac9ba1a122041b32021-12-21 12:21:02.194root 11241100x8000000000000000654469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e9d3c610a130bf2021-12-21 12:21:02.194root 11241100x8000000000000000654470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0caa40ccb67b402021-12-21 12:21:02.194root 11241100x8000000000000000654471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1441bb0f4ccbbe2021-12-21 12:21:02.194root 11241100x8000000000000000654472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b927eddd71ff34212021-12-21 12:21:02.194root 11241100x8000000000000000654473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59066b4cb0052ae32021-12-21 12:21:02.194root 11241100x8000000000000000654474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb4840a4e0c171e2021-12-21 12:21:02.194root 11241100x8000000000000000654475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295ef5070ddeaad62021-12-21 12:21:02.194root 11241100x8000000000000000654476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879176c36cfe1bcb2021-12-21 12:21:02.195root 11241100x8000000000000000654477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08036461c518d9b32021-12-21 12:21:02.195root 11241100x8000000000000000654478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda802c7adf0377a2021-12-21 12:21:02.195root 11241100x8000000000000000654479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640b4a98a18759702021-12-21 12:21:02.195root 11241100x8000000000000000654480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0118c41d7d0e58082021-12-21 12:21:02.195root 11241100x8000000000000000654481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdb25d374fe2e1f2021-12-21 12:21:02.195root 11241100x8000000000000000654482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe58f5d9787891362021-12-21 12:21:02.195root 11241100x8000000000000000654483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7dfebb750bb66ae2021-12-21 12:21:02.195root 11241100x8000000000000000654484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20be3f3b13398b332021-12-21 12:21:02.195root 11241100x8000000000000000654485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a7420559d1fa842021-12-21 12:21:02.195root 11241100x8000000000000000654486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caaa3ab984314e032021-12-21 12:21:02.195root 11241100x8000000000000000654487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d266ba31e9136cd2021-12-21 12:21:02.196root 11241100x8000000000000000654488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d64bc9ae151b8b2021-12-21 12:21:02.196root 11241100x8000000000000000654489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a955efdc400133132021-12-21 12:21:02.196root 11241100x8000000000000000654490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8d16a7e279160a2021-12-21 12:21:02.196root 11241100x8000000000000000654491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0f12446aaa94f62021-12-21 12:21:02.196root 11241100x8000000000000000654492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f10cfbfa390d6662021-12-21 12:21:02.196root 11241100x8000000000000000654493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b34a4e5619067a2021-12-21 12:21:02.196root 11241100x8000000000000000654494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b5655a65eb65eb2021-12-21 12:21:02.196root 11241100x8000000000000000654495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a1d43a2c1d387d2021-12-21 12:21:02.694root 11241100x8000000000000000654496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c83eae6af26e2832021-12-21 12:21:02.694root 11241100x8000000000000000654497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43aff5b179dcaca2021-12-21 12:21:02.694root 11241100x8000000000000000654498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d35b2febbb82f22021-12-21 12:21:02.694root 11241100x8000000000000000654499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3740fdfb468d1f3b2021-12-21 12:21:02.694root 11241100x8000000000000000654500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9499be66e779f372021-12-21 12:21:02.694root 11241100x8000000000000000654501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfbd9031d7109e62021-12-21 12:21:02.694root 11241100x8000000000000000654502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b09e5d870ec7e6c2021-12-21 12:21:02.694root 11241100x8000000000000000654503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7caa777d8488072021-12-21 12:21:02.694root 11241100x8000000000000000654504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edc9be9b036fd792021-12-21 12:21:02.695root 11241100x8000000000000000654505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f129e4ba7161632021-12-21 12:21:02.695root 11241100x8000000000000000654506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2d50b22cba144f2021-12-21 12:21:02.695root 11241100x8000000000000000654507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1440b345dfd9c83e2021-12-21 12:21:02.695root 11241100x8000000000000000654508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82feef2ccf01d7682021-12-21 12:21:02.695root 11241100x8000000000000000654509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121c8a700fdde59c2021-12-21 12:21:02.695root 11241100x8000000000000000654510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5c5a59a2ad0c082021-12-21 12:21:02.695root 11241100x8000000000000000654511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c712944af1d358322021-12-21 12:21:02.695root 11241100x8000000000000000654512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb831990dc15bd242021-12-21 12:21:02.695root 11241100x8000000000000000654513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc8494fdfe841db2021-12-21 12:21:02.695root 11241100x8000000000000000654514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f1d3f41c48ece62021-12-21 12:21:02.696root 11241100x8000000000000000654515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a15278a33463e22021-12-21 12:21:02.696root 11241100x8000000000000000654516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3367dd2dd2539d2021-12-21 12:21:02.696root 11241100x8000000000000000654517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03177b5058522ac2021-12-21 12:21:02.696root 11241100x8000000000000000654518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b31aa8a41645ece2021-12-21 12:21:02.696root 11241100x8000000000000000654519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f778445d6f88508f2021-12-21 12:21:02.696root 11241100x8000000000000000654520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a39618f67d9907e2021-12-21 12:21:02.696root 11241100x8000000000000000654521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39eee1e1010ef2b2021-12-21 12:21:02.696root 11241100x8000000000000000654522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39057be3dcc2d9672021-12-21 12:21:02.696root 11241100x8000000000000000654523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d6ca338c389ed52021-12-21 12:21:02.696root 11241100x8000000000000000654524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86bb6760d8060ff2021-12-21 12:21:03.194root 11241100x8000000000000000654525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fde850421a948a12021-12-21 12:21:03.194root 11241100x8000000000000000654526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dad4bac6e568ec2021-12-21 12:21:03.194root 11241100x8000000000000000654527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df5304d6d4369592021-12-21 12:21:03.194root 11241100x8000000000000000654528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c2e4d0a0f219802021-12-21 12:21:03.194root 11241100x8000000000000000654529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f47c171a2f62d32021-12-21 12:21:03.194root 11241100x8000000000000000654530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7fd38e32acf1762021-12-21 12:21:03.194root 11241100x8000000000000000654531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4abbc2bbc98bd42021-12-21 12:21:03.194root 11241100x8000000000000000654532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49e39513a6b51842021-12-21 12:21:03.195root 11241100x8000000000000000654533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d28849bef44efc2021-12-21 12:21:03.195root 11241100x8000000000000000654534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540c56437c352d5d2021-12-21 12:21:03.195root 11241100x8000000000000000654535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10e2054c28fe5b02021-12-21 12:21:03.195root 11241100x8000000000000000654536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86976565d8daad82021-12-21 12:21:03.195root 11241100x8000000000000000654537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53df034ada57af052021-12-21 12:21:03.195root 11241100x8000000000000000654538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ffa6c9572736942021-12-21 12:21:03.195root 11241100x8000000000000000654539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a354e96f83ed74182021-12-21 12:21:03.195root 11241100x8000000000000000654540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988220ea4d54a4662021-12-21 12:21:03.195root 11241100x8000000000000000654541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c953350325c13682021-12-21 12:21:03.195root 11241100x8000000000000000654542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca91613a28fc6f792021-12-21 12:21:03.196root 11241100x8000000000000000654543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fab91badf837cd2021-12-21 12:21:03.196root 11241100x8000000000000000654544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136097d35477c14a2021-12-21 12:21:03.196root 11241100x8000000000000000654545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440692f1cd484a352021-12-21 12:21:03.196root 11241100x8000000000000000654546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df30768ce9b1903d2021-12-21 12:21:03.196root 11241100x8000000000000000654547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a40837218e72b2b2021-12-21 12:21:03.196root 11241100x8000000000000000654548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea49c32153bdad532021-12-21 12:21:03.196root 11241100x8000000000000000654549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9f0aa209e3cf8a2021-12-21 12:21:03.196root 11241100x8000000000000000654550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507278dacc15ea892021-12-21 12:21:03.196root 11241100x8000000000000000654551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2136b4c0c32e0672021-12-21 12:21:03.196root 11241100x8000000000000000654552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacc2eae12f24d962021-12-21 12:21:03.196root 11241100x8000000000000000654553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf2c94e796058ff2021-12-21 12:21:03.694root 11241100x8000000000000000654554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c4adecbc433ec02021-12-21 12:21:03.694root 11241100x8000000000000000654555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241239388453fb7d2021-12-21 12:21:03.694root 11241100x8000000000000000654556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e825b3d07abb86f72021-12-21 12:21:03.694root 11241100x8000000000000000654557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf899870ba4e2ed52021-12-21 12:21:03.694root 11241100x8000000000000000654558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191c028361209e9d2021-12-21 12:21:03.694root 11241100x8000000000000000654559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb49be05a62ecce2021-12-21 12:21:03.694root 11241100x8000000000000000654560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06424812090b3802021-12-21 12:21:03.694root 11241100x8000000000000000654561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c2293528cbbd022021-12-21 12:21:03.695root 11241100x8000000000000000654562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1f225a81e2a8992021-12-21 12:21:03.695root 11241100x8000000000000000654563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5c7c77b0c8e7632021-12-21 12:21:03.695root 11241100x8000000000000000654564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5cdbe1d85f01722021-12-21 12:21:03.695root 11241100x8000000000000000654565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baad5e8b6c1dfe5a2021-12-21 12:21:03.695root 11241100x8000000000000000654566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecab228cfa0677d2021-12-21 12:21:03.695root 11241100x8000000000000000654567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29474cc06fab89a22021-12-21 12:21:03.695root 11241100x8000000000000000654568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712595e55b84f42a2021-12-21 12:21:03.695root 11241100x8000000000000000654569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449510e7c8ec354a2021-12-21 12:21:03.695root 11241100x8000000000000000654570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1266c0a57e864ff2021-12-21 12:21:03.695root 11241100x8000000000000000654571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c364abfb68e9e6c02021-12-21 12:21:03.696root 11241100x8000000000000000654572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f1293a3224eea72021-12-21 12:21:03.696root 11241100x8000000000000000654573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6e21ca505f075c2021-12-21 12:21:03.697root 11241100x8000000000000000654574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11c94403e39a8d42021-12-21 12:21:03.697root 11241100x8000000000000000654575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bf7dc7e29c1aca2021-12-21 12:21:03.697root 11241100x8000000000000000654576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe3b73fd9e810a52021-12-21 12:21:03.697root 11241100x8000000000000000654577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11754093999974cb2021-12-21 12:21:03.697root 11241100x8000000000000000654578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7a3f27b7ef4c122021-12-21 12:21:03.697root 11241100x8000000000000000654579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd749e5e4b41c472021-12-21 12:21:03.697root 11241100x8000000000000000654580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9d936ee160ec8f2021-12-21 12:21:03.697root 11241100x8000000000000000654581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09d32a53f6a734f2021-12-21 12:21:03.698root 354300x8000000000000000654582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.136{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49860-false10.0.1.12-8000- 11241100x8000000000000000654583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fd73e7998a4c1d2021-12-21 12:21:04.137root 11241100x8000000000000000654584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1117b983284517d2021-12-21 12:21:04.137root 11241100x8000000000000000654585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99d7dd21b2441292021-12-21 12:21:04.137root 11241100x8000000000000000654586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e3ea2cee6d7ac92021-12-21 12:21:04.137root 11241100x8000000000000000654587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7214609f6a6a3b2e2021-12-21 12:21:04.137root 11241100x8000000000000000654588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a352b9eee413d432021-12-21 12:21:04.138root 11241100x8000000000000000654589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fed530ad087e4982021-12-21 12:21:04.138root 11241100x8000000000000000654590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94de9c683c17fd2e2021-12-21 12:21:04.138root 11241100x8000000000000000654591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92245ccd5f1ac382021-12-21 12:21:04.138root 11241100x8000000000000000654592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7277514df75f93f52021-12-21 12:21:04.138root 11241100x8000000000000000654593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5019bd9d4a9b782021-12-21 12:21:04.138root 11241100x8000000000000000654594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c088853088befa42021-12-21 12:21:04.138root 11241100x8000000000000000654595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4215326095bbe02021-12-21 12:21:04.138root 11241100x8000000000000000654596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e76bdd40c2806f2021-12-21 12:21:04.138root 11241100x8000000000000000654597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeedb9295927561c2021-12-21 12:21:04.138root 11241100x8000000000000000654598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c156286f016d6f02021-12-21 12:21:04.138root 11241100x8000000000000000654599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806ffd4a238648682021-12-21 12:21:04.139root 11241100x8000000000000000654600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb0b3707def15e42021-12-21 12:21:04.139root 11241100x8000000000000000654601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0820c39c3a278ce52021-12-21 12:21:04.139root 11241100x8000000000000000654602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b64463f48225aa12021-12-21 12:21:04.139root 11241100x8000000000000000654603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31eaeaa867f5f7722021-12-21 12:21:04.139root 11241100x8000000000000000654604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd09f96df2ff1712021-12-21 12:21:04.139root 11241100x8000000000000000654605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c9ecaab33334dc2021-12-21 12:21:04.139root 11241100x8000000000000000654606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cab1258fac703372021-12-21 12:21:04.139root 11241100x8000000000000000654607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77900ed5fcb08f1d2021-12-21 12:21:04.139root 11241100x8000000000000000654608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d23d9543ed3c7d12021-12-21 12:21:04.139root 11241100x8000000000000000654609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaae1c86ee4ead42021-12-21 12:21:04.139root 11241100x8000000000000000654610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f56585f6716478d2021-12-21 12:21:04.140root 11241100x8000000000000000654611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d866d48f77105c92021-12-21 12:21:04.140root 11241100x8000000000000000654612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26979705c2cfbd842021-12-21 12:21:04.140root 11241100x8000000000000000654613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fc572fd21fc23f2021-12-21 12:21:04.443root 11241100x8000000000000000654614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2994d410132beaa02021-12-21 12:21:04.443root 11241100x8000000000000000654615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8074f701bf0c02652021-12-21 12:21:04.443root 11241100x8000000000000000654616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166ada55f66e90b02021-12-21 12:21:04.444root 11241100x8000000000000000654617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e31e7ba96845f92021-12-21 12:21:04.444root 11241100x8000000000000000654618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f1295f9c61e4962021-12-21 12:21:04.444root 11241100x8000000000000000654619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cab3909043dc2c2021-12-21 12:21:04.444root 11241100x8000000000000000654620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa77dd8564a228e62021-12-21 12:21:04.444root 11241100x8000000000000000654621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77af43e9c384f3962021-12-21 12:21:04.444root 11241100x8000000000000000654622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfc546205d7b5202021-12-21 12:21:04.444root 11241100x8000000000000000654623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2b05a508ae643e2021-12-21 12:21:04.444root 11241100x8000000000000000654624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccd906962fa24ed2021-12-21 12:21:04.444root 11241100x8000000000000000654625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee905a542046be92021-12-21 12:21:04.444root 11241100x8000000000000000654626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7240fdc6f4ad492021-12-21 12:21:04.444root 11241100x8000000000000000654627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3eaf2e2672195192021-12-21 12:21:04.444root 11241100x8000000000000000654628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de444efffca05a552021-12-21 12:21:04.444root 11241100x8000000000000000654629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928cadb7fdfb7a142021-12-21 12:21:04.444root 11241100x8000000000000000654630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e927378550c680342021-12-21 12:21:04.445root 11241100x8000000000000000654631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04b9c2c5ee70d4a2021-12-21 12:21:04.445root 11241100x8000000000000000654632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e7f8de0b87837d2021-12-21 12:21:04.445root 11241100x8000000000000000654633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c05573bbc7a62842021-12-21 12:21:04.445root 11241100x8000000000000000654634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c19135976efd2142021-12-21 12:21:04.445root 11241100x8000000000000000654635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628119da782a0bb52021-12-21 12:21:04.445root 11241100x8000000000000000654636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880dfd9297110e152021-12-21 12:21:04.445root 11241100x8000000000000000654637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbce476959a0538b2021-12-21 12:21:04.445root 11241100x8000000000000000654638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e208f1cfb7c38c2021-12-21 12:21:04.445root 11241100x8000000000000000654639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71665a3bc0a3e2472021-12-21 12:21:04.445root 11241100x8000000000000000654640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0451e4ec9010e5882021-12-21 12:21:04.445root 11241100x8000000000000000654641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0162619b22a4cd2021-12-21 12:21:04.445root 11241100x8000000000000000654642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b521bc5fba473f5f2021-12-21 12:21:04.446root 11241100x8000000000000000654643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338144924a0ed9972021-12-21 12:21:04.943root 11241100x8000000000000000654644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2242f44d87d2b62021-12-21 12:21:04.943root 11241100x8000000000000000654645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cd1ffd4fd753662021-12-21 12:21:04.943root 11241100x8000000000000000654646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d245335d1130ef2021-12-21 12:21:04.943root 11241100x8000000000000000654647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ebfee219e8a2d02021-12-21 12:21:04.944root 11241100x8000000000000000654648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40320dfbc5dce1832021-12-21 12:21:04.944root 11241100x8000000000000000654649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf041f081bbc5fc2021-12-21 12:21:04.944root 11241100x8000000000000000654650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d278c45c9244a42021-12-21 12:21:04.944root 11241100x8000000000000000654651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34eb28a6ef469c32021-12-21 12:21:04.944root 11241100x8000000000000000654652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fa0bcc398df0252021-12-21 12:21:04.944root 11241100x8000000000000000654653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0457061aeb5dd0b62021-12-21 12:21:04.944root 11241100x8000000000000000654654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1c3934ebf1722f2021-12-21 12:21:04.944root 11241100x8000000000000000654655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c2af2bedd5d0fa2021-12-21 12:21:04.944root 11241100x8000000000000000654656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e678b96948139f2021-12-21 12:21:04.944root 11241100x8000000000000000654657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811063d38f517cce2021-12-21 12:21:04.945root 11241100x8000000000000000654658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce50c7f292f01e02021-12-21 12:21:04.945root 11241100x8000000000000000654659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f6778958aad3be2021-12-21 12:21:04.945root 11241100x8000000000000000654660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc577701c75e308c2021-12-21 12:21:04.945root 11241100x8000000000000000654661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599d9484fdd3bcfd2021-12-21 12:21:04.945root 11241100x8000000000000000654662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db477c9e3be34c712021-12-21 12:21:04.945root 11241100x8000000000000000654663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c2dbb29c5156532021-12-21 12:21:04.946root 11241100x8000000000000000654664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0891b3c5e60f19592021-12-21 12:21:04.946root 11241100x8000000000000000654665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b53fe57d0b69fc2021-12-21 12:21:04.946root 11241100x8000000000000000654666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36848717460445212021-12-21 12:21:04.946root 11241100x8000000000000000654667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c896fae361b3abd2021-12-21 12:21:04.946root 11241100x8000000000000000654668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dfcd55966d7d662021-12-21 12:21:04.946root 11241100x8000000000000000654669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bb3de51258ea7c2021-12-21 12:21:04.946root 11241100x8000000000000000654670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f886c695ee9a266f2021-12-21 12:21:04.946root 11241100x8000000000000000654671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ae92744515609d2021-12-21 12:21:04.947root 11241100x8000000000000000654672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fa17ef6b20ffaa2021-12-21 12:21:04.947root 11241100x8000000000000000654673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4caa06ffdb2c50532021-12-21 12:21:05.443root 11241100x8000000000000000654674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a00970972ff239e2021-12-21 12:21:05.443root 11241100x8000000000000000654675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe70d8f4bea07f132021-12-21 12:21:05.443root 11241100x8000000000000000654676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46acb4c60f33c612021-12-21 12:21:05.443root 11241100x8000000000000000654677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6448485f4405f9472021-12-21 12:21:05.444root 11241100x8000000000000000654678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24c0b850ffa61182021-12-21 12:21:05.444root 11241100x8000000000000000654679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2b8b072cfd3ecc2021-12-21 12:21:05.444root 11241100x8000000000000000654680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b100d032de94dc12021-12-21 12:21:05.444root 11241100x8000000000000000654681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30063ae6b4f28fe92021-12-21 12:21:05.444root 11241100x8000000000000000654682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996f24214405222b2021-12-21 12:21:05.444root 11241100x8000000000000000654683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b516e3257fd5072021-12-21 12:21:05.444root 11241100x8000000000000000654684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949ad6bee40515e82021-12-21 12:21:05.444root 11241100x8000000000000000654685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e28808110cf55452021-12-21 12:21:05.445root 11241100x8000000000000000654686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712fc26d2e0c42e92021-12-21 12:21:05.445root 11241100x8000000000000000654687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b5f286220b96952021-12-21 12:21:05.445root 11241100x8000000000000000654688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53199ad3540384182021-12-21 12:21:05.445root 11241100x8000000000000000654689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190f46cc6d099bb62021-12-21 12:21:05.445root 11241100x8000000000000000654690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49eb3ecd7fa0c082021-12-21 12:21:05.445root 11241100x8000000000000000654691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465ffb8f96ec9e3e2021-12-21 12:21:05.445root 11241100x8000000000000000654692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea796896ce0a0c092021-12-21 12:21:05.445root 11241100x8000000000000000654693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022dfcfc7c3ca5d02021-12-21 12:21:05.445root 11241100x8000000000000000654694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba8c246cbb82a3f2021-12-21 12:21:05.445root 11241100x8000000000000000654695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b8173bd9e59e982021-12-21 12:21:05.445root 11241100x8000000000000000654696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db898e27ba64a5f02021-12-21 12:21:05.445root 11241100x8000000000000000654697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7081ce76379ca1b2021-12-21 12:21:05.445root 11241100x8000000000000000654698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40609526e7a36f732021-12-21 12:21:05.445root 11241100x8000000000000000654699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a0455f3f1dbc6e2021-12-21 12:21:05.446root 11241100x8000000000000000654700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82512d92cb31f2b12021-12-21 12:21:05.446root 11241100x8000000000000000654701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2272f17934c0b12021-12-21 12:21:05.446root 11241100x8000000000000000654702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2bc5de0c02e8122021-12-21 12:21:05.446root 11241100x8000000000000000654703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37199def4a56540d2021-12-21 12:21:05.446root 11241100x8000000000000000654704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ea93f74f41c0752021-12-21 12:21:05.446root 11241100x8000000000000000654705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036cdf14c893f66f2021-12-21 12:21:05.446root 11241100x8000000000000000654706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec67382def4104552021-12-21 12:21:05.446root 11241100x8000000000000000654707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a666ec470207d4162021-12-21 12:21:05.446root 11241100x8000000000000000654708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bc290c533b912a2021-12-21 12:21:05.446root 11241100x8000000000000000654709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d9b89042eb78682021-12-21 12:21:05.446root 11241100x8000000000000000654710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366e4f7db5ae67d02021-12-21 12:21:05.943root 11241100x8000000000000000654711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247704e61c6ddae12021-12-21 12:21:05.943root 11241100x8000000000000000654712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1361546cb1f13462021-12-21 12:21:05.943root 11241100x8000000000000000654713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171637880bfdae0d2021-12-21 12:21:05.943root 11241100x8000000000000000654714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0399dc410116192021-12-21 12:21:05.944root 11241100x8000000000000000654715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6581b17f7454dc2021-12-21 12:21:05.944root 11241100x8000000000000000654716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe2d250f88324fc2021-12-21 12:21:05.944root 11241100x8000000000000000654717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422e13264977aa972021-12-21 12:21:05.944root 11241100x8000000000000000654718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9fdf1514589ac42021-12-21 12:21:05.944root 11241100x8000000000000000654719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a714579b6c03c332021-12-21 12:21:05.944root 11241100x8000000000000000654720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829e29cfcfed7a762021-12-21 12:21:05.944root 11241100x8000000000000000654721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61821199647bc3122021-12-21 12:21:05.944root 11241100x8000000000000000654722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872d0c8d630468432021-12-21 12:21:05.944root 11241100x8000000000000000654723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6930e2ebaef6a02021-12-21 12:21:05.944root 11241100x8000000000000000654724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4296dd8fbb15a1e2021-12-21 12:21:05.944root 11241100x8000000000000000654725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270a1b1039e88f282021-12-21 12:21:05.944root 11241100x8000000000000000654726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f69406f9edbb4f2021-12-21 12:21:05.944root 11241100x8000000000000000654727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35bc578559910192021-12-21 12:21:05.944root 11241100x8000000000000000654728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7e17404dc1b1902021-12-21 12:21:05.944root 11241100x8000000000000000654729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b56e9d63a86b6672021-12-21 12:21:05.945root 11241100x8000000000000000654730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230cd09358e0ed7a2021-12-21 12:21:05.945root 11241100x8000000000000000654731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2211e442b483b12021-12-21 12:21:05.945root 11241100x8000000000000000654732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c689b3a9908415d2021-12-21 12:21:05.945root 11241100x8000000000000000654733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c303cd5d5a15a6a82021-12-21 12:21:05.945root 11241100x8000000000000000654734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cdbab738ac2b3c2021-12-21 12:21:05.945root 11241100x8000000000000000654735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f257104eda439112021-12-21 12:21:05.945root 11241100x8000000000000000654736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debd352331fcbbb02021-12-21 12:21:05.945root 11241100x8000000000000000654737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9a22243c5ce3032021-12-21 12:21:05.945root 11241100x8000000000000000654738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3820bf13eda8b8452021-12-21 12:21:05.945root 11241100x8000000000000000654739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396ff8cb7b850abd2021-12-21 12:21:05.945root 11241100x8000000000000000654740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28d4216ba49bafe2021-12-21 12:21:05.945root 11241100x8000000000000000654741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:21:06.142root 11241100x8000000000000000654742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b6eed0358d98ec2021-12-21 12:21:06.443root 11241100x8000000000000000654743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82395739b88471682021-12-21 12:21:06.443root 11241100x8000000000000000654744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee79671e2cdac0e2021-12-21 12:21:06.443root 11241100x8000000000000000654745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074659fbc83a02d52021-12-21 12:21:06.443root 11241100x8000000000000000654746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4246cf888213602021-12-21 12:21:06.444root 11241100x8000000000000000654747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9f3b5ef1bfc01a2021-12-21 12:21:06.444root 11241100x8000000000000000654748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da187c21a1bf1e962021-12-21 12:21:06.444root 11241100x8000000000000000654749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cf5bc92c6bd8092021-12-21 12:21:06.444root 11241100x8000000000000000654750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b9b32f15a4b0a52021-12-21 12:21:06.444root 11241100x8000000000000000654751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1635e49c640defe2021-12-21 12:21:06.444root 11241100x8000000000000000654752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7909e9174c27a372021-12-21 12:21:06.444root 11241100x8000000000000000654753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78087e1da02aed32021-12-21 12:21:06.444root 11241100x8000000000000000654754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7874c4462d6e53a2021-12-21 12:21:06.444root 11241100x8000000000000000654755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132ff91db587e0852021-12-21 12:21:06.444root 11241100x8000000000000000654756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1519d6eb555d65a22021-12-21 12:21:06.444root 11241100x8000000000000000654757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7fd803a62c5f652021-12-21 12:21:06.444root 11241100x8000000000000000654758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1e882d9432c69f2021-12-21 12:21:06.444root 11241100x8000000000000000654759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3276e8b35ea5562021-12-21 12:21:06.444root 11241100x8000000000000000654760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6f06704ef967e72021-12-21 12:21:06.444root 11241100x8000000000000000654761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2990495e58ed6792021-12-21 12:21:06.445root 11241100x8000000000000000654762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdf6301dcc9a4612021-12-21 12:21:06.445root 11241100x8000000000000000654763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f1e03b3b92acf92021-12-21 12:21:06.445root 11241100x8000000000000000654764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da50ebc764256442021-12-21 12:21:06.445root 11241100x8000000000000000654765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51333e74e18e4922021-12-21 12:21:06.445root 11241100x8000000000000000654766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ee0684385138d02021-12-21 12:21:06.445root 11241100x8000000000000000654767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a54cb816f2cef672021-12-21 12:21:06.445root 11241100x8000000000000000654768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bceb1e77b387772021-12-21 12:21:06.445root 11241100x8000000000000000654769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332694ab85f3c4eb2021-12-21 12:21:06.445root 11241100x8000000000000000654770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5582354304c178a62021-12-21 12:21:06.445root 11241100x8000000000000000654771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdd590153f7946e2021-12-21 12:21:06.445root 11241100x8000000000000000654772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5994df5ac44097912021-12-21 12:21:06.445root 11241100x8000000000000000654773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f10e931e71e0d5e2021-12-21 12:21:06.445root 11241100x8000000000000000654774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc90d26b791e5d6f2021-12-21 12:21:06.943root 11241100x8000000000000000654775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000666018558911d2021-12-21 12:21:06.943root 11241100x8000000000000000654776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214fbf1744508e552021-12-21 12:21:06.943root 11241100x8000000000000000654777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72305dfe0a5a24362021-12-21 12:21:06.943root 11241100x8000000000000000654778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7137dd8f4d03f38f2021-12-21 12:21:06.944root 11241100x8000000000000000654779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efcbfd329db69212021-12-21 12:21:06.944root 11241100x8000000000000000654780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8eaf98a95a161af2021-12-21 12:21:06.944root 11241100x8000000000000000654781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db755601b02119b2021-12-21 12:21:06.944root 11241100x8000000000000000654782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbbcff4214422f22021-12-21 12:21:06.944root 11241100x8000000000000000654783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4391717d69bd2a2021-12-21 12:21:06.944root 11241100x8000000000000000654784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b902a4cdd488fec2021-12-21 12:21:06.944root 11241100x8000000000000000654785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72de6053cc6990d2021-12-21 12:21:06.944root 11241100x8000000000000000654786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32020c834f9aa722021-12-21 12:21:06.944root 11241100x8000000000000000654787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09137bd1e0855ca2021-12-21 12:21:06.944root 11241100x8000000000000000654788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0af3a945c53b1c2021-12-21 12:21:06.944root 11241100x8000000000000000654789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce2ac668fb5aa012021-12-21 12:21:06.945root 11241100x8000000000000000654790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b05e1b2bb5357382021-12-21 12:21:06.945root 11241100x8000000000000000654791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a500fc755a353d72021-12-21 12:21:06.945root 11241100x8000000000000000654792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc34ce34e4e420c42021-12-21 12:21:06.945root 11241100x8000000000000000654793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0825c324254c062021-12-21 12:21:06.945root 11241100x8000000000000000654794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21671519deed10792021-12-21 12:21:06.945root 11241100x8000000000000000654795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ac5d063a3e2b812021-12-21 12:21:06.945root 11241100x8000000000000000654796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c192e8cac2ba11fe2021-12-21 12:21:06.945root 11241100x8000000000000000654797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93ce92fc963e6c92021-12-21 12:21:06.945root 11241100x8000000000000000654798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdcbe1780f717eb2021-12-21 12:21:06.945root 11241100x8000000000000000654799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dc2b94f61f0e1b2021-12-21 12:21:06.945root 11241100x8000000000000000654800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a55481fdf46d2e2021-12-21 12:21:06.945root 11241100x8000000000000000654801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def5dafeefb3465a2021-12-21 12:21:06.945root 11241100x8000000000000000654802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9386942a3fea9da72021-12-21 12:21:06.945root 11241100x8000000000000000654803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bad90ec3aeb8ecc2021-12-21 12:21:06.945root 11241100x8000000000000000654804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffcde8c5a90231d2021-12-21 12:21:06.945root 11241100x8000000000000000654805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4e42c7d3bf9d272021-12-21 12:21:06.946root 11241100x8000000000000000654806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1deec965ce95da762021-12-21 12:21:07.443root 11241100x8000000000000000654807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c302d25d2dc44b22021-12-21 12:21:07.443root 11241100x8000000000000000654808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd77fcc79fb1e7c52021-12-21 12:21:07.443root 11241100x8000000000000000654809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddda8cd0736bc16f2021-12-21 12:21:07.443root 11241100x8000000000000000654810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263ec3190e08963c2021-12-21 12:21:07.444root 11241100x8000000000000000654811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6f0216d5acd0312021-12-21 12:21:07.444root 11241100x8000000000000000654812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f1b07878d9f1e12021-12-21 12:21:07.444root 11241100x8000000000000000654813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99de87379620af92021-12-21 12:21:07.444root 11241100x8000000000000000654814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7610365ac3bb38de2021-12-21 12:21:07.444root 11241100x8000000000000000654815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df965c7b1c2efd032021-12-21 12:21:07.444root 11241100x8000000000000000654816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5078fff93a4568e92021-12-21 12:21:07.444root 11241100x8000000000000000654817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af081717b1fbbe3d2021-12-21 12:21:07.444root 11241100x8000000000000000654818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91302131ea6ba4b22021-12-21 12:21:07.444root 11241100x8000000000000000654819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393dcbcb26a6be232021-12-21 12:21:07.444root 11241100x8000000000000000654820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740bb4a890962e412021-12-21 12:21:07.444root 11241100x8000000000000000654821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2066e180751f4c032021-12-21 12:21:07.444root 11241100x8000000000000000654822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fbd97252dfd0c22021-12-21 12:21:07.444root 11241100x8000000000000000654823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d0979069b4663f2021-12-21 12:21:07.444root 11241100x8000000000000000654824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7e3f173afc88e82021-12-21 12:21:07.444root 11241100x8000000000000000654825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60368ca6fe50dd9e2021-12-21 12:21:07.444root 11241100x8000000000000000654826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a04127e0448404f2021-12-21 12:21:07.445root 11241100x8000000000000000654827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bdada5f605dda82021-12-21 12:21:07.445root 11241100x8000000000000000654828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d4481c39d9f0922021-12-21 12:21:07.445root 11241100x8000000000000000654829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1bc585dfc67ec42021-12-21 12:21:07.445root 11241100x8000000000000000654830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075c40b1697c0f202021-12-21 12:21:07.445root 11241100x8000000000000000654831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693bbe60865410b82021-12-21 12:21:07.445root 11241100x8000000000000000654832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d6a765591cae492021-12-21 12:21:07.445root 11241100x8000000000000000654833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8457dbbba66e0612021-12-21 12:21:07.445root 11241100x8000000000000000654834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c032fb779bdc833b2021-12-21 12:21:07.445root 11241100x8000000000000000654835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b216ea31a68b45e12021-12-21 12:21:07.445root 11241100x8000000000000000654836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c89bf202543cc7e2021-12-21 12:21:07.445root 11241100x8000000000000000654837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b90c9407fee4fc2021-12-21 12:21:07.445root 11241100x8000000000000000654838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1716dad8d59dcbd32021-12-21 12:21:07.943root 11241100x8000000000000000654839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffda3dd5b40a82092021-12-21 12:21:07.943root 11241100x8000000000000000654840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23af044570e2ac052021-12-21 12:21:07.943root 11241100x8000000000000000654841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c2076cc51784602021-12-21 12:21:07.943root 11241100x8000000000000000654842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ff91fd15b6da462021-12-21 12:21:07.944root 11241100x8000000000000000654843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f213e80b12c7af2021-12-21 12:21:07.944root 11241100x8000000000000000654844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3caf3a236802bd102021-12-21 12:21:07.944root 11241100x8000000000000000654845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fc4d64091a177a2021-12-21 12:21:07.944root 11241100x8000000000000000654846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1817b66a6b483fc2021-12-21 12:21:07.944root 11241100x8000000000000000654847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9840d26a1c7bae6b2021-12-21 12:21:07.944root 11241100x8000000000000000654848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe0176d6119f9052021-12-21 12:21:07.944root 11241100x8000000000000000654849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f659a646d271592021-12-21 12:21:07.944root 11241100x8000000000000000654850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b294ab8c0c74972021-12-21 12:21:07.944root 11241100x8000000000000000654851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed04453ddc2a22c02021-12-21 12:21:07.944root 11241100x8000000000000000654852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd4363d51d4bb062021-12-21 12:21:07.944root 11241100x8000000000000000654853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ce5163dace39682021-12-21 12:21:07.944root 11241100x8000000000000000654854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618b52fdca2f7cd92021-12-21 12:21:07.944root 11241100x8000000000000000654855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cb3d31ec064dfc2021-12-21 12:21:07.944root 11241100x8000000000000000654856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c13be7d04f585432021-12-21 12:21:07.944root 11241100x8000000000000000654857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4196137d1fabfd522021-12-21 12:21:07.944root 11241100x8000000000000000654858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35315992de646932021-12-21 12:21:07.945root 11241100x8000000000000000654859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a5a94e1ef36aac2021-12-21 12:21:07.945root 11241100x8000000000000000654860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4700171f92ed652021-12-21 12:21:07.945root 11241100x8000000000000000654861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43943ba4b9b0e4af2021-12-21 12:21:07.945root 11241100x8000000000000000654862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfc24bab46191cc2021-12-21 12:21:07.945root 11241100x8000000000000000654863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626e328fbab629bb2021-12-21 12:21:07.945root 11241100x8000000000000000654864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e815e6b26f314f2021-12-21 12:21:07.945root 11241100x8000000000000000654865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0bfabc91805d852021-12-21 12:21:07.945root 11241100x8000000000000000654866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c19ca563ccd487f2021-12-21 12:21:07.946root 11241100x8000000000000000654867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7059dd881c0c6072021-12-21 12:21:07.946root 11241100x8000000000000000654868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5db4765d07e96b2021-12-21 12:21:07.946root 11241100x8000000000000000654869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c56e70e079a996e2021-12-21 12:21:08.443root 11241100x8000000000000000654870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520536fba706285e2021-12-21 12:21:08.444root 11241100x8000000000000000654871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7771a17054e9ec2021-12-21 12:21:08.444root 11241100x8000000000000000654872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f8e8c0051d15012021-12-21 12:21:08.444root 11241100x8000000000000000654873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3488807c2df103672021-12-21 12:21:08.444root 11241100x8000000000000000654874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656edf9ecd7782e12021-12-21 12:21:08.444root 11241100x8000000000000000654875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cf0e9f7dee414c2021-12-21 12:21:08.444root 11241100x8000000000000000654876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ce1feeb73807bc2021-12-21 12:21:08.444root 11241100x8000000000000000654877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ceae8595786d422021-12-21 12:21:08.444root 11241100x8000000000000000654878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28a94afc2bbaa5f2021-12-21 12:21:08.444root 11241100x8000000000000000654879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478fc220b140546b2021-12-21 12:21:08.445root 11241100x8000000000000000654880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8831e1ca42135bb2021-12-21 12:21:08.445root 11241100x8000000000000000654881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e15ff1b113a6eac2021-12-21 12:21:08.445root 11241100x8000000000000000654882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65da1e25066add82021-12-21 12:21:08.445root 11241100x8000000000000000654883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8e2f13ac3d720f2021-12-21 12:21:08.445root 11241100x8000000000000000654884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca828ee310099acd2021-12-21 12:21:08.445root 11241100x8000000000000000654885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b65a57f54bd2ed62021-12-21 12:21:08.445root 11241100x8000000000000000654886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258239c12de1395d2021-12-21 12:21:08.445root 11241100x8000000000000000654887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5ad84a354e77ef2021-12-21 12:21:08.445root 11241100x8000000000000000654888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237e9f5fe2428bf32021-12-21 12:21:08.445root 11241100x8000000000000000654889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877337fc54a5ee972021-12-21 12:21:08.445root 11241100x8000000000000000654890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc961b37d626df312021-12-21 12:21:08.445root 11241100x8000000000000000654891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c900d98064d05132021-12-21 12:21:08.446root 11241100x8000000000000000654892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c0f0df5200393d2021-12-21 12:21:08.446root 11241100x8000000000000000654893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9df44c13d8ec4c62021-12-21 12:21:08.446root 11241100x8000000000000000654894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1d71b3072eba3d2021-12-21 12:21:08.446root 11241100x8000000000000000654895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175aad21e1889cd82021-12-21 12:21:08.446root 11241100x8000000000000000654896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e02a2ac97b4d5e22021-12-21 12:21:08.446root 11241100x8000000000000000654897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115b098f709cdb9b2021-12-21 12:21:08.446root 11241100x8000000000000000654898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a4a23b5dfafa702021-12-21 12:21:08.446root 11241100x8000000000000000654899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4585efe387e584ac2021-12-21 12:21:08.446root 11241100x8000000000000000654900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286d326b661be6cf2021-12-21 12:21:08.446root 11241100x8000000000000000654901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741176eea4fa2f112021-12-21 12:21:08.943root 11241100x8000000000000000654902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0b95b0af13aa772021-12-21 12:21:08.944root 11241100x8000000000000000654903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e139f04f1f250cca2021-12-21 12:21:08.944root 11241100x8000000000000000654904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd9c9cd5a4589472021-12-21 12:21:08.944root 11241100x8000000000000000654905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1b0a5613b547d42021-12-21 12:21:08.944root 11241100x8000000000000000654906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45ab63c0a05c2162021-12-21 12:21:08.944root 11241100x8000000000000000654907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e98d89957dc691a2021-12-21 12:21:08.945root 11241100x8000000000000000654908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d0fceaa63ca24f2021-12-21 12:21:08.945root 11241100x8000000000000000654909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98536d8a0fabba352021-12-21 12:21:08.945root 11241100x8000000000000000654910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ffa9ea3d2106df2021-12-21 12:21:08.945root 11241100x8000000000000000654911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32cf7d7696fdf3c2021-12-21 12:21:08.945root 11241100x8000000000000000654912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8680ca0837341d2021-12-21 12:21:08.945root 11241100x8000000000000000654913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca19a11e32eceb42021-12-21 12:21:08.945root 11241100x8000000000000000654914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01c4f8b63c896f32021-12-21 12:21:08.946root 11241100x8000000000000000654915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14b9b78d02104332021-12-21 12:21:08.946root 11241100x8000000000000000654916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7a49f8a27360ca2021-12-21 12:21:08.946root 11241100x8000000000000000654917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92153f31dcb6a0382021-12-21 12:21:08.946root 11241100x8000000000000000654918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2884de96bc29f6c2021-12-21 12:21:08.946root 11241100x8000000000000000654919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a79c6285879acc12021-12-21 12:21:08.946root 11241100x8000000000000000654920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b65cb8b8860ba52021-12-21 12:21:08.946root 11241100x8000000000000000654921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5263c5c9c885c62021-12-21 12:21:08.946root 11241100x8000000000000000654922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f3b678b456c7672021-12-21 12:21:08.946root 11241100x8000000000000000654923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710beaa748c261e12021-12-21 12:21:08.946root 11241100x8000000000000000654924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587670d552ef70522021-12-21 12:21:08.946root 11241100x8000000000000000654925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6598106ac60d1cb92021-12-21 12:21:08.946root 11241100x8000000000000000654926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427feaa5c76339b82021-12-21 12:21:08.946root 11241100x8000000000000000654927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f4140a813dfa462021-12-21 12:21:08.946root 11241100x8000000000000000654928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850f9d2c116bf8392021-12-21 12:21:08.947root 11241100x8000000000000000654929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b335b8932740e62021-12-21 12:21:08.947root 11241100x8000000000000000654930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d55e9a6dfc78c792021-12-21 12:21:08.947root 11241100x8000000000000000654931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74050c0dd9a29222021-12-21 12:21:08.947root 11241100x8000000000000000654932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1164948e0b939b032021-12-21 12:21:08.947root 23542300x8000000000000000654933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000654934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954ecc53face750c2021-12-21 12:21:09.443root 11241100x8000000000000000654935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bbf0d488187f3f2021-12-21 12:21:09.443root 11241100x8000000000000000654936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494d4373e2da100a2021-12-21 12:21:09.443root 11241100x8000000000000000654937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368f3978d9d644d82021-12-21 12:21:09.443root 11241100x8000000000000000654938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbc46ae0b9ddff12021-12-21 12:21:09.444root 11241100x8000000000000000654939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac0a24ff319955f2021-12-21 12:21:09.444root 11241100x8000000000000000654940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223d6ac771c071032021-12-21 12:21:09.444root 11241100x8000000000000000654941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d5f76a22769aeb2021-12-21 12:21:09.444root 11241100x8000000000000000654942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43664212413bef1d2021-12-21 12:21:09.444root 11241100x8000000000000000654943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559a7a342f8c06cf2021-12-21 12:21:09.444root 11241100x8000000000000000654944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117fed382acdde022021-12-21 12:21:09.444root 11241100x8000000000000000654945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc81ca6f1cae2d82021-12-21 12:21:09.444root 11241100x8000000000000000654946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac70494edeecc9ce2021-12-21 12:21:09.444root 11241100x8000000000000000654947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb1f0a9b439a4912021-12-21 12:21:09.444root 11241100x8000000000000000654948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2c73210db3710f2021-12-21 12:21:09.444root 11241100x8000000000000000654949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bad01a2d0276442021-12-21 12:21:09.444root 11241100x8000000000000000654950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6922cc47b3162d2021-12-21 12:21:09.444root 11241100x8000000000000000654951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2461f40cff06592021-12-21 12:21:09.444root 11241100x8000000000000000654952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ef6079e3cb37d32021-12-21 12:21:09.444root 11241100x8000000000000000654953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c90e606a33376a2021-12-21 12:21:09.444root 11241100x8000000000000000654954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e936b7726de205d2021-12-21 12:21:09.445root 11241100x8000000000000000654955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651e78d4352ca86b2021-12-21 12:21:09.445root 11241100x8000000000000000654956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf48a832bedbb5f92021-12-21 12:21:09.445root 11241100x8000000000000000654957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4409f23311361272021-12-21 12:21:09.445root 11241100x8000000000000000654958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd269c734dcc0dd2021-12-21 12:21:09.445root 11241100x8000000000000000654959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c351b07c3c6c16cd2021-12-21 12:21:09.445root 11241100x8000000000000000654960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fac9e44700bb2102021-12-21 12:21:09.445root 11241100x8000000000000000654961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0744b27f222314762021-12-21 12:21:09.445root 11241100x8000000000000000654962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f947a1128cffd342021-12-21 12:21:09.445root 11241100x8000000000000000654963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb697bd053bb45852021-12-21 12:21:09.445root 11241100x8000000000000000654964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441337fec3d4f6082021-12-21 12:21:09.445root 11241100x8000000000000000654965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c50352561ea95302021-12-21 12:21:09.445root 11241100x8000000000000000654966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c94a8f7787704d2021-12-21 12:21:09.445root 154100x8000000000000000654967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.632{ec2b6afe-c6b5-61c1-68b4-1739d1550000}10076/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000654968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.641{ec2b6afe-c6b5-61c1-68b4-1739d1550000}10076/bin/psroot 11241100x8000000000000000654969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93ca4e40d72bfeb2021-12-21 12:21:09.943root 11241100x8000000000000000654970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550f4cef39057dc82021-12-21 12:21:09.943root 11241100x8000000000000000654971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b99c82f4f8a35592021-12-21 12:21:09.943root 11241100x8000000000000000654972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d8c4b5307be9a32021-12-21 12:21:09.944root 11241100x8000000000000000654973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029ecead20e21a952021-12-21 12:21:09.944root 11241100x8000000000000000654974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7080cc60525a84fe2021-12-21 12:21:09.944root 11241100x8000000000000000654975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590ee0d90281eebd2021-12-21 12:21:09.944root 11241100x8000000000000000654976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43625ddd1bd8e9b42021-12-21 12:21:09.944root 11241100x8000000000000000654977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f7ecdade6d82f52021-12-21 12:21:09.944root 11241100x8000000000000000654978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37b751a302df3a92021-12-21 12:21:09.944root 11241100x8000000000000000654979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b530abe2cb6f002021-12-21 12:21:09.944root 11241100x8000000000000000654980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703e32052b75116f2021-12-21 12:21:09.944root 11241100x8000000000000000654981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea31c05578dd6e42021-12-21 12:21:09.944root 11241100x8000000000000000654982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728ccfb8bc63a5062021-12-21 12:21:09.944root 11241100x8000000000000000654983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091d8bccf5f98daa2021-12-21 12:21:09.944root 11241100x8000000000000000654984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ff967db75517eb2021-12-21 12:21:09.945root 11241100x8000000000000000654985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65d282e4ad1c90d2021-12-21 12:21:09.945root 11241100x8000000000000000654986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafb398e202ab1772021-12-21 12:21:09.945root 11241100x8000000000000000654987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c24cd1342fbf3a92021-12-21 12:21:09.945root 11241100x8000000000000000654988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cc3dfd02c10ca12021-12-21 12:21:09.945root 11241100x8000000000000000654989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f38e1b3e26920d2021-12-21 12:21:09.945root 11241100x8000000000000000654990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57952b0bb464c3b52021-12-21 12:21:09.945root 11241100x8000000000000000654991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c4becb7f01fd8f2021-12-21 12:21:09.945root 11241100x8000000000000000654992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6283be95e7c402fa2021-12-21 12:21:09.945root 11241100x8000000000000000654993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccc42e16e1717bd2021-12-21 12:21:09.945root 11241100x8000000000000000654994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1281e0b0c073a32021-12-21 12:21:09.945root 11241100x8000000000000000654995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc6708bdcc7970f2021-12-21 12:21:09.946root 11241100x8000000000000000654996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867413dc7c6bacc12021-12-21 12:21:09.946root 11241100x8000000000000000654997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a965e369761a7a9a2021-12-21 12:21:09.946root 11241100x8000000000000000654998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dde68982234b0ed2021-12-21 12:21:09.946root 11241100x8000000000000000654999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022de9b6112108e62021-12-21 12:21:09.946root 11241100x8000000000000000655000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a52eb728d6ecbf52021-12-21 12:21:09.946root 11241100x8000000000000000655001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4526b4a66f81d68b2021-12-21 12:21:09.946root 11241100x8000000000000000655002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bf7e4e7a1d0f882021-12-21 12:21:09.946root 11241100x8000000000000000655003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7f1eac2d8047b42021-12-21 12:21:09.946root 354300x8000000000000000655004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.104{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49862-false10.0.1.12-8000- 11241100x8000000000000000655005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2124e20e9697f072021-12-21 12:21:10.443root 11241100x8000000000000000655006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31911c7909ffcfda2021-12-21 12:21:10.443root 11241100x8000000000000000655007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08909d128b485f2f2021-12-21 12:21:10.443root 11241100x8000000000000000655008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52395524ba88b1e2021-12-21 12:21:10.443root 11241100x8000000000000000655009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055103f99210c2c82021-12-21 12:21:10.444root 11241100x8000000000000000655010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca63a00ffd097e92021-12-21 12:21:10.444root 11241100x8000000000000000655011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b214946e3044b0292021-12-21 12:21:10.444root 11241100x8000000000000000655012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc4c5f234c2f57a2021-12-21 12:21:10.444root 11241100x8000000000000000655013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0eb7e0fd20876752021-12-21 12:21:10.444root 11241100x8000000000000000655014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff3ae8ddbd6943e2021-12-21 12:21:10.444root 11241100x8000000000000000655015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d28cd63c9e271ee2021-12-21 12:21:10.444root 11241100x8000000000000000655016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa078d801af629222021-12-21 12:21:10.444root 11241100x8000000000000000655017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e9fad0f0ec8e362021-12-21 12:21:10.444root 11241100x8000000000000000655018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a05e31d2964e5d2021-12-21 12:21:10.444root 11241100x8000000000000000655019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449468f9b4ecec602021-12-21 12:21:10.445root 11241100x8000000000000000655020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10bde75222947d82021-12-21 12:21:10.445root 11241100x8000000000000000655021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dd2ed1bcb78a982021-12-21 12:21:10.445root 11241100x8000000000000000655022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0f0ab716ec20a92021-12-21 12:21:10.445root 11241100x8000000000000000655023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95363e6b16b2ee2a2021-12-21 12:21:10.445root 11241100x8000000000000000655024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fd6dd3ac4d2a8c2021-12-21 12:21:10.445root 11241100x8000000000000000655025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9198ec88a1881c042021-12-21 12:21:10.445root 11241100x8000000000000000655026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592270765ebe8c0c2021-12-21 12:21:10.446root 11241100x8000000000000000655027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f81bfaade34898b2021-12-21 12:21:10.446root 11241100x8000000000000000655028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c2bb5d48863aa02021-12-21 12:21:10.446root 11241100x8000000000000000655029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f9fa81a52b16812021-12-21 12:21:10.446root 11241100x8000000000000000655030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbdc451816bff042021-12-21 12:21:10.446root 11241100x8000000000000000655031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce66fbcd2db8f2c2021-12-21 12:21:10.446root 11241100x8000000000000000655032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab5ed2b0203fbe62021-12-21 12:21:10.446root 11241100x8000000000000000655033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a973817aed14c52021-12-21 12:21:10.446root 11241100x8000000000000000655034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6349bb7a0b239d892021-12-21 12:21:10.446root 11241100x8000000000000000655035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f117739e57c11a442021-12-21 12:21:10.446root 11241100x8000000000000000655036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca0c9c2230c72442021-12-21 12:21:10.446root 11241100x8000000000000000655037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ff96d08035ff422021-12-21 12:21:10.447root 11241100x8000000000000000655038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6b288b65306c022021-12-21 12:21:10.447root 11241100x8000000000000000655039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcb46b2eb7104b92021-12-21 12:21:10.447root 11241100x8000000000000000655040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826b3c54c4a1bc1b2021-12-21 12:21:10.447root 11241100x8000000000000000655041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f2389d1d92aef82021-12-21 12:21:10.448root 11241100x8000000000000000655042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5009f2daaa53b012021-12-21 12:21:10.943root 11241100x8000000000000000655043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833a2677cfdb5af22021-12-21 12:21:10.943root 11241100x8000000000000000655044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221dce83354517ad2021-12-21 12:21:10.943root 11241100x8000000000000000655045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fa657f6b60599a2021-12-21 12:21:10.943root 11241100x8000000000000000655046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6d6ba66279f0ce2021-12-21 12:21:10.944root 11241100x8000000000000000655047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4841258baae798c02021-12-21 12:21:10.944root 11241100x8000000000000000655048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ffc16f83c16ae12021-12-21 12:21:10.944root 11241100x8000000000000000655049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23d4fbf408149fb2021-12-21 12:21:10.944root 11241100x8000000000000000655050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8396b56db3e7122021-12-21 12:21:10.944root 11241100x8000000000000000655051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ebd033fc538f9f2021-12-21 12:21:10.944root 11241100x8000000000000000655052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3f6a0ae9ca3bb32021-12-21 12:21:10.944root 11241100x8000000000000000655053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d604be9deb7db0ba2021-12-21 12:21:10.944root 11241100x8000000000000000655054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6d099824fea4e02021-12-21 12:21:10.944root 11241100x8000000000000000655055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2dfb35dd32cbd12021-12-21 12:21:10.944root 11241100x8000000000000000655056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8218e3ac2be9e502021-12-21 12:21:10.944root 11241100x8000000000000000655057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ff5ad85f74558e2021-12-21 12:21:10.945root 11241100x8000000000000000655058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbb6cd044c735632021-12-21 12:21:10.945root 11241100x8000000000000000655059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa3bc3c01e00aee2021-12-21 12:21:10.945root 11241100x8000000000000000655060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794f6804400107492021-12-21 12:21:10.945root 11241100x8000000000000000655061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3be9f677ea6c9052021-12-21 12:21:10.945root 11241100x8000000000000000655062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69146b29150455102021-12-21 12:21:10.945root 11241100x8000000000000000655063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8d124989b577be2021-12-21 12:21:10.945root 11241100x8000000000000000655064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede11f4cbf641e972021-12-21 12:21:10.945root 11241100x8000000000000000655065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc618d16e56578f52021-12-21 12:21:10.945root 11241100x8000000000000000655066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e380d512f8acb4d82021-12-21 12:21:10.945root 11241100x8000000000000000655067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a2bc4f5db8aa9b2021-12-21 12:21:10.945root 11241100x8000000000000000655068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc616619fc00cd8c2021-12-21 12:21:10.946root 11241100x8000000000000000655069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbae5630f18525682021-12-21 12:21:10.946root 11241100x8000000000000000655070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f507cbfd39b2e82021-12-21 12:21:10.946root 11241100x8000000000000000655071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136c4f88e2364c6b2021-12-21 12:21:10.946root 11241100x8000000000000000655072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735b112e9629c16f2021-12-21 12:21:10.946root 11241100x8000000000000000655073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f02e328fef4b16a2021-12-21 12:21:10.946root 11241100x8000000000000000655074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da54a32fb21fca552021-12-21 12:21:10.946root 11241100x8000000000000000655075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965409666f322d622021-12-21 12:21:10.946root 11241100x8000000000000000655076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891afc2e37a0fb332021-12-21 12:21:10.946root 11241100x8000000000000000655077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f387dfd6e1904ce2021-12-21 12:21:10.946root 11241100x8000000000000000655078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711c858202b059902021-12-21 12:21:10.947root 11241100x8000000000000000655079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e60112e2de598582021-12-21 12:21:10.947root 11241100x8000000000000000655080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57066985a3b88102021-12-21 12:21:11.443root 11241100x8000000000000000655081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b492c9814f3a31c2021-12-21 12:21:11.443root 11241100x8000000000000000655082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff720db2ee2884f2021-12-21 12:21:11.443root 11241100x8000000000000000655083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4e687f45e31d902021-12-21 12:21:11.444root 11241100x8000000000000000655084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4eddc1d70b744682021-12-21 12:21:11.444root 11241100x8000000000000000655085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5037c9367ecc1042021-12-21 12:21:11.444root 11241100x8000000000000000655086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c072af63e392652021-12-21 12:21:11.444root 11241100x8000000000000000655087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757ac651626e2c0f2021-12-21 12:21:11.444root 11241100x8000000000000000655088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a4776baed060832021-12-21 12:21:11.444root 11241100x8000000000000000655089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e9549b1a72c2252021-12-21 12:21:11.444root 11241100x8000000000000000655090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfa27e97d4b5a1a2021-12-21 12:21:11.444root 11241100x8000000000000000655091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f22ae73e051fc02021-12-21 12:21:11.444root 11241100x8000000000000000655092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f6b1a64bbc42192021-12-21 12:21:11.444root 11241100x8000000000000000655093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1af6c614d244f32021-12-21 12:21:11.444root 11241100x8000000000000000655094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5930596d8cb036b62021-12-21 12:21:11.445root 11241100x8000000000000000655095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769a6507333fec1f2021-12-21 12:21:11.445root 11241100x8000000000000000655096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf84e19699d236b2021-12-21 12:21:11.445root 11241100x8000000000000000655097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fa427881e001c52021-12-21 12:21:11.445root 11241100x8000000000000000655098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd5ac30d31dafb12021-12-21 12:21:11.445root 11241100x8000000000000000655099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63bd4c15c75d28cd2021-12-21 12:21:11.445root 11241100x8000000000000000655100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049bf376b899d57c2021-12-21 12:21:11.445root 11241100x8000000000000000655101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0d4759fe42986a2021-12-21 12:21:11.446root 11241100x8000000000000000655102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c0898d0f0dc0db2021-12-21 12:21:11.446root 11241100x8000000000000000655103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdcadce6f0855ea2021-12-21 12:21:11.446root 11241100x8000000000000000655104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d99623388ade0242021-12-21 12:21:11.446root 11241100x8000000000000000655105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7fd7b34bb51e542021-12-21 12:21:11.446root 11241100x8000000000000000655106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff28d5c93994a7b2021-12-21 12:21:11.447root 11241100x8000000000000000655107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19280b24749e6e452021-12-21 12:21:11.447root 11241100x8000000000000000655108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c19a91e9d37c852021-12-21 12:21:11.447root 11241100x8000000000000000655109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54136961af63e4e72021-12-21 12:21:11.447root 11241100x8000000000000000655110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a605c6b001df39af2021-12-21 12:21:11.447root 11241100x8000000000000000655111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05ccc4e6a44f1b02021-12-21 12:21:11.447root 11241100x8000000000000000655112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7f5f37d463ab412021-12-21 12:21:11.447root 11241100x8000000000000000655113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e8ba579f5b153c2021-12-21 12:21:11.448root 11241100x8000000000000000655114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d234e48e5d391ac2021-12-21 12:21:11.448root 11241100x8000000000000000655115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47543e311616ac02021-12-21 12:21:11.448root 11241100x8000000000000000655116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5775dc4239b461882021-12-21 12:21:11.448root 11241100x8000000000000000655117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfd6691ac029a8f2021-12-21 12:21:11.448root 11241100x8000000000000000655118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ee21480cbe70002021-12-21 12:21:11.943root 11241100x8000000000000000655119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7ae771ee1cc50f2021-12-21 12:21:11.943root 11241100x8000000000000000655120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd707205d4452e82021-12-21 12:21:11.944root 11241100x8000000000000000655121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1398ae038c997ede2021-12-21 12:21:11.944root 11241100x8000000000000000655122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7723cb096223592021-12-21 12:21:11.944root 11241100x8000000000000000655123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf276f70dbd27302021-12-21 12:21:11.944root 11241100x8000000000000000655124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5068df2c1cf3812021-12-21 12:21:11.944root 11241100x8000000000000000655125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70c5c6efdf678442021-12-21 12:21:11.944root 11241100x8000000000000000655126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d3b2db23120df72021-12-21 12:21:11.944root 11241100x8000000000000000655127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ab4d1b3209f8102021-12-21 12:21:11.944root 11241100x8000000000000000655128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b81b5d75c22c45c2021-12-21 12:21:11.944root 11241100x8000000000000000655129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e2a3868263bf6c2021-12-21 12:21:11.944root 11241100x8000000000000000655130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370ced5f4a2e8ae52021-12-21 12:21:11.945root 11241100x8000000000000000655131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd1ccdcf3b1b5ba2021-12-21 12:21:11.945root 11241100x8000000000000000655132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3313d65677631a692021-12-21 12:21:11.945root 11241100x8000000000000000655133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33d8bc3f6d689632021-12-21 12:21:11.945root 11241100x8000000000000000655134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950ba4b0b729b1ea2021-12-21 12:21:11.945root 11241100x8000000000000000655135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8202fa6ad9db502021-12-21 12:21:11.945root 11241100x8000000000000000655136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203ea19caddb447e2021-12-21 12:21:11.945root 11241100x8000000000000000655137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2b96171f866f192021-12-21 12:21:11.945root 11241100x8000000000000000655138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394509f05a7bd7702021-12-21 12:21:11.945root 11241100x8000000000000000655139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fa0cd38f090a862021-12-21 12:21:11.945root 11241100x8000000000000000655140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744f2144cb47e6dd2021-12-21 12:21:11.945root 11241100x8000000000000000655141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57aadcc98f737a02021-12-21 12:21:11.945root 11241100x8000000000000000655142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16094ef0d485b2b2021-12-21 12:21:11.945root 11241100x8000000000000000655143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314fe369f379dc9b2021-12-21 12:21:11.945root 11241100x8000000000000000655144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb55e0b0f8791652021-12-21 12:21:11.945root 11241100x8000000000000000655145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0572f0dff0b5124d2021-12-21 12:21:11.945root 11241100x8000000000000000655146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85b03ac7771c2b32021-12-21 12:21:11.946root 11241100x8000000000000000655147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc218627311897c2021-12-21 12:21:11.946root 11241100x8000000000000000655148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd51f369eee12fe2021-12-21 12:21:11.946root 11241100x8000000000000000655149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ee4060b818661f2021-12-21 12:21:11.946root 11241100x8000000000000000655150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac358c58fc4fc0452021-12-21 12:21:11.946root 11241100x8000000000000000655151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81603b94e222a992021-12-21 12:21:11.946root 11241100x8000000000000000655152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b9599904960bcb2021-12-21 12:21:11.946root 11241100x8000000000000000655153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e30d973beb661352021-12-21 12:21:11.946root 11241100x8000000000000000655154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a49f4f72931a9a42021-12-21 12:21:11.946root 11241100x8000000000000000655155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c19264746337b82021-12-21 12:21:11.946root 11241100x8000000000000000655156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afb1c63043313422021-12-21 12:21:12.443root 11241100x8000000000000000655157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589c37d7ff8d67eb2021-12-21 12:21:12.444root 11241100x8000000000000000655158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d8c1edf10f44e92021-12-21 12:21:12.444root 11241100x8000000000000000655159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb89641cfb3eabe2021-12-21 12:21:12.445root 11241100x8000000000000000655160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b0cc00bf0a84b72021-12-21 12:21:12.445root 11241100x8000000000000000655161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdffacd4cd1a36472021-12-21 12:21:12.445root 11241100x8000000000000000655162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a06f57c4aaf9d32021-12-21 12:21:12.445root 11241100x8000000000000000655163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d49375db7a8f232021-12-21 12:21:12.445root 11241100x8000000000000000655164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e87f4a5e2f41bf02021-12-21 12:21:12.445root 11241100x8000000000000000655165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0456f5218e1421392021-12-21 12:21:12.446root 11241100x8000000000000000655166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194083c67d37d7732021-12-21 12:21:12.446root 11241100x8000000000000000655167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cd442aebcb548a2021-12-21 12:21:12.446root 11241100x8000000000000000655168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c3e95da7efbcd72021-12-21 12:21:12.446root 11241100x8000000000000000655169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d221dff3b11e422021-12-21 12:21:12.446root 11241100x8000000000000000655170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809a4060f95cc2102021-12-21 12:21:12.446root 11241100x8000000000000000655171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4081f686e6ead82021-12-21 12:21:12.447root 11241100x8000000000000000655172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4950e7710d31fc672021-12-21 12:21:12.447root 11241100x8000000000000000655173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39388eefff33877b2021-12-21 12:21:12.447root 11241100x8000000000000000655174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7153b2473a99b2b2021-12-21 12:21:12.448root 11241100x8000000000000000655175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cd7709fd4855e42021-12-21 12:21:12.448root 11241100x8000000000000000655176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf32e1edfb92cb212021-12-21 12:21:12.448root 11241100x8000000000000000655177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694af19ed317237b2021-12-21 12:21:12.448root 11241100x8000000000000000655178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f3d9d17d653c0a2021-12-21 12:21:12.448root 11241100x8000000000000000655179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595879278913e2062021-12-21 12:21:12.448root 11241100x8000000000000000655180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a982fded27bcc0622021-12-21 12:21:12.448root 11241100x8000000000000000655181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8c0961f90303292021-12-21 12:21:12.448root 11241100x8000000000000000655182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814beb867c7dfffd2021-12-21 12:21:12.448root 11241100x8000000000000000655183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e6d49277edbcd52021-12-21 12:21:12.449root 11241100x8000000000000000655184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd174c668b5def422021-12-21 12:21:12.449root 11241100x8000000000000000655185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e309545b6f2813d22021-12-21 12:21:12.449root 11241100x8000000000000000655186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b606a42e8369132021-12-21 12:21:12.449root 11241100x8000000000000000655187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5367e4cfab29b1342021-12-21 12:21:12.449root 11241100x8000000000000000655188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422d8283f746a7ab2021-12-21 12:21:12.449root 11241100x8000000000000000655189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f228135e31a07d092021-12-21 12:21:12.449root 11241100x8000000000000000655190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f756506772eb642021-12-21 12:21:12.449root 11241100x8000000000000000655191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a077e64563f0b702021-12-21 12:21:12.944root 11241100x8000000000000000655192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92de77612aee9df92021-12-21 12:21:12.944root 11241100x8000000000000000655193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdbc44cb460c4002021-12-21 12:21:12.944root 11241100x8000000000000000655194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e414f753067cb7d02021-12-21 12:21:12.944root 11241100x8000000000000000655195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffa0b7862af9d402021-12-21 12:21:12.944root 11241100x8000000000000000655196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2391693b8955178e2021-12-21 12:21:12.944root 11241100x8000000000000000655197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1114aafb2db9c4682021-12-21 12:21:12.944root 11241100x8000000000000000655198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668d997efdb5df4f2021-12-21 12:21:12.945root 11241100x8000000000000000655199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0160e221ac801b062021-12-21 12:21:12.945root 11241100x8000000000000000655200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f480f4bdea0862032021-12-21 12:21:12.945root 11241100x8000000000000000655201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5671cf4e9aa5862021-12-21 12:21:12.945root 11241100x8000000000000000655202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81afcb1e555eee12021-12-21 12:21:12.945root 11241100x8000000000000000655203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2c740daf223b6a2021-12-21 12:21:12.945root 11241100x8000000000000000655204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6644a9c2a491678c2021-12-21 12:21:12.945root 11241100x8000000000000000655205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6186b97735e13ce62021-12-21 12:21:12.945root 11241100x8000000000000000655206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c986cede7173af2021-12-21 12:21:12.945root 11241100x8000000000000000655207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e0e8bf1b20f6472021-12-21 12:21:12.946root 11241100x8000000000000000655208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6eb750cb03568f2021-12-21 12:21:12.946root 11241100x8000000000000000655209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47376ac73ee2f9ad2021-12-21 12:21:12.946root 11241100x8000000000000000655210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97aeaccb755fb8a92021-12-21 12:21:12.946root 11241100x8000000000000000655211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea24f1e70ac5e6222021-12-21 12:21:12.946root 11241100x8000000000000000655212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acec2f62fab1ce32021-12-21 12:21:12.946root 11241100x8000000000000000655213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4561da028b0ecc2021-12-21 12:21:12.946root 11241100x8000000000000000655214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6433dd38a08ffffe2021-12-21 12:21:12.946root 11241100x8000000000000000655215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d223843fcc826ba32021-12-21 12:21:12.946root 11241100x8000000000000000655216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3af7ff1b901f1b2021-12-21 12:21:12.947root 11241100x8000000000000000655217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256e4aca008418c82021-12-21 12:21:12.947root 11241100x8000000000000000655218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2153ef4c4bc5782021-12-21 12:21:12.947root 11241100x8000000000000000655219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b91e67330a627a2021-12-21 12:21:12.947root 11241100x8000000000000000655220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca737b1cc887a402021-12-21 12:21:12.947root 11241100x8000000000000000655221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081672093596ac892021-12-21 12:21:12.947root 11241100x8000000000000000655222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028b95cf5e7665742021-12-21 12:21:12.947root 11241100x8000000000000000655223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf3828d1ee120ed2021-12-21 12:21:12.947root 11241100x8000000000000000655224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d437f2ba58a29d3d2021-12-21 12:21:12.947root 11241100x8000000000000000655225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1789cb7d2af4d0c52021-12-21 12:21:12.948root 11241100x8000000000000000655226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da655ce1fe48c6d2021-12-21 12:21:13.443root 11241100x8000000000000000655227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa73cc57cc596582021-12-21 12:21:13.443root 11241100x8000000000000000655228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4953715eced02c6f2021-12-21 12:21:13.444root 11241100x8000000000000000655229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da8e14c3942d9812021-12-21 12:21:13.444root 11241100x8000000000000000655230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3711fffa837ba22021-12-21 12:21:13.444root 11241100x8000000000000000655231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e55180ebd650e0e2021-12-21 12:21:13.444root 11241100x8000000000000000655232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dbbaba22be86dd2021-12-21 12:21:13.445root 11241100x8000000000000000655233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43457ae59cb6453f2021-12-21 12:21:13.445root 11241100x8000000000000000655234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896c044436878ae82021-12-21 12:21:13.445root 11241100x8000000000000000655235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a942b891f9b6b42021-12-21 12:21:13.445root 11241100x8000000000000000655236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262edbc493d1df952021-12-21 12:21:13.445root 11241100x8000000000000000655237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e82cfbbec681642021-12-21 12:21:13.445root 11241100x8000000000000000655238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46843b25e6996d802021-12-21 12:21:13.445root 11241100x8000000000000000655239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f27c8b109b0fd52021-12-21 12:21:13.445root 11241100x8000000000000000655240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99ad9c91d948a692021-12-21 12:21:13.445root 11241100x8000000000000000655241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73340848c6f085a2021-12-21 12:21:13.445root 11241100x8000000000000000655242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803ee79d9ad3a8372021-12-21 12:21:13.446root 11241100x8000000000000000655243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e503269a297806b62021-12-21 12:21:13.446root 11241100x8000000000000000655244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a13e9e9ea340be42021-12-21 12:21:13.446root 11241100x8000000000000000655245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7cd946722ec5382021-12-21 12:21:13.446root 11241100x8000000000000000655246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd0f1e424859adb2021-12-21 12:21:13.446root 11241100x8000000000000000655247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b6d19a6360246e2021-12-21 12:21:13.446root 11241100x8000000000000000655248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0299c4f247cfae2021-12-21 12:21:13.446root 11241100x8000000000000000655249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7320ab644fbde2542021-12-21 12:21:13.447root 11241100x8000000000000000655250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26987ea858d9a1542021-12-21 12:21:13.447root 11241100x8000000000000000655251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e111d02e7309d902021-12-21 12:21:13.447root 11241100x8000000000000000655252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8814d75bb075bf992021-12-21 12:21:13.447root 11241100x8000000000000000655253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917b4462cbd5bdcf2021-12-21 12:21:13.447root 11241100x8000000000000000655254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86639d991cfbd26d2021-12-21 12:21:13.447root 11241100x8000000000000000655255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abe73eb6c470b172021-12-21 12:21:13.448root 11241100x8000000000000000655256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b44e725f8301c62021-12-21 12:21:13.448root 11241100x8000000000000000655257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09223ed8eac917e42021-12-21 12:21:13.448root 11241100x8000000000000000655258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ab30aa9958e6a02021-12-21 12:21:13.448root 11241100x8000000000000000655259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b39939c11d1d2532021-12-21 12:21:13.448root 11241100x8000000000000000655260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719b9cf58329ba962021-12-21 12:21:13.449root 11241100x8000000000000000655261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f65dbf15400cf742021-12-21 12:21:13.451root 11241100x8000000000000000655262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a010c5abfa2b4e372021-12-21 12:21:13.451root 11241100x8000000000000000655263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b75f1fca525e1232021-12-21 12:21:13.943root 11241100x8000000000000000655264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c44e6c76e7a59282021-12-21 12:21:13.943root 11241100x8000000000000000655265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698c5b959ef6eda42021-12-21 12:21:13.943root 11241100x8000000000000000655266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ac8b80b35daed42021-12-21 12:21:13.943root 11241100x8000000000000000655267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680a2e95d68560ab2021-12-21 12:21:13.943root 11241100x8000000000000000655268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c94aef53809e6e2021-12-21 12:21:13.944root 11241100x8000000000000000655269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb498c53f0aebbf2021-12-21 12:21:13.944root 11241100x8000000000000000655270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c4e69065d24d522021-12-21 12:21:13.944root 11241100x8000000000000000655271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e4832a52d537ac2021-12-21 12:21:13.944root 11241100x8000000000000000655272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d719b998753c38f22021-12-21 12:21:13.944root 11241100x8000000000000000655273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1f119a1fef80c32021-12-21 12:21:13.944root 11241100x8000000000000000655274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2e1456b148433b2021-12-21 12:21:13.944root 11241100x8000000000000000655275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b811678ce52f6f972021-12-21 12:21:13.944root 11241100x8000000000000000655276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2d7cf42847a8282021-12-21 12:21:13.944root 11241100x8000000000000000655277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587b3bd45dfc51072021-12-21 12:21:13.944root 11241100x8000000000000000655278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a68f4392a522a42021-12-21 12:21:13.945root 11241100x8000000000000000655279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1206690555b3892021-12-21 12:21:13.945root 11241100x8000000000000000655280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8228d7869f01b3892021-12-21 12:21:13.945root 11241100x8000000000000000655281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b62226de659af92021-12-21 12:21:13.946root 11241100x8000000000000000655282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b1b3ef30e2aaa62021-12-21 12:21:13.946root 11241100x8000000000000000655283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf75545c6423a0c2021-12-21 12:21:13.946root 11241100x8000000000000000655284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4178663c73d96c052021-12-21 12:21:13.946root 11241100x8000000000000000655285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9cfc4fbecad1d52021-12-21 12:21:13.946root 11241100x8000000000000000655286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3533404c67b94c292021-12-21 12:21:13.946root 11241100x8000000000000000655287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bd6bda2872204f2021-12-21 12:21:13.946root 11241100x8000000000000000655288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c164494d9b773fe2021-12-21 12:21:13.946root 11241100x8000000000000000655289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c04c3f01cb9ab1c2021-12-21 12:21:13.946root 11241100x8000000000000000655290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fa319470926f5b2021-12-21 12:21:13.946root 11241100x8000000000000000655291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fab62f78ae97f412021-12-21 12:21:13.947root 11241100x8000000000000000655292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc7767aad23b94a2021-12-21 12:21:13.947root 11241100x8000000000000000655293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997599ffeac07dda2021-12-21 12:21:13.947root 11241100x8000000000000000655294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4c5c9f912c1c542021-12-21 12:21:13.947root 11241100x8000000000000000655295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c29acecdf714862021-12-21 12:21:13.947root 11241100x8000000000000000655296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535af7fdfe37fe2c2021-12-21 12:21:13.948root 11241100x8000000000000000655297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b03e0608d35be5e2021-12-21 12:21:13.948root 11241100x8000000000000000655298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3baf2d86978bd7a62021-12-21 12:21:13.948root 11241100x8000000000000000655299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8db4789f262a4892021-12-21 12:21:13.948root 11241100x8000000000000000655300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a7ca08bd867ff72021-12-21 12:21:13.948root 11241100x8000000000000000655301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de238e57ffd150662021-12-21 12:21:13.948root 11241100x8000000000000000655302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e33a1790cefd672021-12-21 12:21:13.948root 11241100x8000000000000000655303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e39e79e012d08ec2021-12-21 12:21:13.948root 11241100x8000000000000000655304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2406d9f8562c3d0d2021-12-21 12:21:13.948root 11241100x8000000000000000655305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f8a16a6dec008c2021-12-21 12:21:13.949root 11241100x8000000000000000655306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a6b2629ffc77b12021-12-21 12:21:13.949root 11241100x8000000000000000655307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6deefa1d595d1b2021-12-21 12:21:13.949root 11241100x8000000000000000655308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f8db44324bc8d62021-12-21 12:21:13.949root 11241100x8000000000000000655309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23694a1c2fe23aa82021-12-21 12:21:13.949root 11241100x8000000000000000655310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1497ff4bc77b143a2021-12-21 12:21:13.950root 11241100x8000000000000000655311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5831d4f7ca770fe82021-12-21 12:21:13.950root 11241100x8000000000000000655312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697847c81ebce53c2021-12-21 12:21:13.950root 11241100x8000000000000000655313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf21af334ae37042021-12-21 12:21:13.950root 11241100x8000000000000000655314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133f5a94a2a195f82021-12-21 12:21:13.950root 11241100x8000000000000000655315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02310f4f2280fbd22021-12-21 12:21:13.950root 11241100x8000000000000000655316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f12af394db1fb982021-12-21 12:21:13.950root 11241100x8000000000000000655317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22075de819f55a22021-12-21 12:21:13.950root 11241100x8000000000000000655318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36687bb52f39de5b2021-12-21 12:21:13.950root 11241100x8000000000000000655319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496525415a6c2f2f2021-12-21 12:21:13.950root 11241100x8000000000000000655320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd6cce6d227b2c42021-12-21 12:21:13.951root 11241100x8000000000000000655321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7fb62acd025bb32021-12-21 12:21:13.951root 11241100x8000000000000000655322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aee36790601547a2021-12-21 12:21:13.951root 11241100x8000000000000000655323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1805242ba9cfa47b2021-12-21 12:21:13.951root 11241100x8000000000000000655324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d26c40805182152021-12-21 12:21:13.951root 11241100x8000000000000000655325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b66c8fdfc13252e2021-12-21 12:21:13.951root 11241100x8000000000000000655326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a3aba481983d452021-12-21 12:21:13.951root 11241100x8000000000000000655327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689ffa7741a30f582021-12-21 12:21:13.951root 11241100x8000000000000000655328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d57396be46e691c2021-12-21 12:21:14.443root 11241100x8000000000000000655329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e43004c228b1d22021-12-21 12:21:14.443root 11241100x8000000000000000655330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3864554a3b94e66d2021-12-21 12:21:14.444root 11241100x8000000000000000655331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a16c2b0d82e0fa62021-12-21 12:21:14.444root 11241100x8000000000000000655332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97e561e9b8daa7f2021-12-21 12:21:14.444root 11241100x8000000000000000655333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d7682dfa3ac5c82021-12-21 12:21:14.444root 11241100x8000000000000000655334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3822a6e6950802782021-12-21 12:21:14.444root 11241100x8000000000000000655335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca53c5a49e744b52021-12-21 12:21:14.444root 11241100x8000000000000000655336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5a47ce4320a7ea2021-12-21 12:21:14.445root 11241100x8000000000000000655337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91004d81a39b1022021-12-21 12:21:14.445root 11241100x8000000000000000655338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4bdd2912f0a8732021-12-21 12:21:14.445root 11241100x8000000000000000655339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53cdf2f4be053a72021-12-21 12:21:14.445root 11241100x8000000000000000655340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086e1809b3d236dc2021-12-21 12:21:14.445root 11241100x8000000000000000655341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b8e49dca760e202021-12-21 12:21:14.445root 11241100x8000000000000000655342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7146b1de94b705b02021-12-21 12:21:14.445root 11241100x8000000000000000655343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc246f5d55b1a2d2021-12-21 12:21:14.445root 11241100x8000000000000000655344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84798170e2625efe2021-12-21 12:21:14.445root 11241100x8000000000000000655345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f897a190cea14992021-12-21 12:21:14.445root 11241100x8000000000000000655346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618d7b58a82850472021-12-21 12:21:14.445root 11241100x8000000000000000655347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252d321fc68454c12021-12-21 12:21:14.445root 11241100x8000000000000000655348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637a1db65693c4002021-12-21 12:21:14.446root 11241100x8000000000000000655349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0637a2b60d7fa9472021-12-21 12:21:14.446root 11241100x8000000000000000655350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db8254269f7b4fb2021-12-21 12:21:14.446root 11241100x8000000000000000655351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0105464ca220efc02021-12-21 12:21:14.446root 11241100x8000000000000000655352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9a3669419530bd2021-12-21 12:21:14.447root 11241100x8000000000000000655353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fddacd6bcc4c232021-12-21 12:21:14.447root 11241100x8000000000000000655354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c0e61edcf2b2232021-12-21 12:21:14.448root 11241100x8000000000000000655355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4c95ccea2cb0d72021-12-21 12:21:14.449root 11241100x8000000000000000655356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c8357c769e78112021-12-21 12:21:14.453root 11241100x8000000000000000655357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e274988af1dd338a2021-12-21 12:21:14.453root 11241100x8000000000000000655358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd136eb52df529642021-12-21 12:21:14.453root 11241100x8000000000000000655359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e534b6873a19392021-12-21 12:21:14.454root 11241100x8000000000000000655360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94710c36453c245c2021-12-21 12:21:14.454root 11241100x8000000000000000655361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8bfbcdfa0c7faf2021-12-21 12:21:14.454root 11241100x8000000000000000655362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7b62dba9d1132f2021-12-21 12:21:14.454root 11241100x8000000000000000655363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987a4336d874813f2021-12-21 12:21:14.943root 11241100x8000000000000000655364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4bb5e309a4773d2021-12-21 12:21:14.943root 11241100x8000000000000000655365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848c8420a3b870e42021-12-21 12:21:14.943root 11241100x8000000000000000655366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83ef336f091bb3b2021-12-21 12:21:14.944root 11241100x8000000000000000655367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ffa86ad0db12eb2021-12-21 12:21:14.944root 11241100x8000000000000000655368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f338f3eca7d2ce942021-12-21 12:21:14.944root 11241100x8000000000000000655369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91b03b591767d132021-12-21 12:21:14.944root 11241100x8000000000000000655370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5df30d246192fe2021-12-21 12:21:14.944root 11241100x8000000000000000655371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500a97ffaf9481c62021-12-21 12:21:14.945root 11241100x8000000000000000655372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590fe2264cd08bd82021-12-21 12:21:14.945root 11241100x8000000000000000655373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1feb6ed95680d4432021-12-21 12:21:14.945root 11241100x8000000000000000655374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb5a433570dc1482021-12-21 12:21:14.945root 11241100x8000000000000000655375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba45a64cd3d1c0ce2021-12-21 12:21:14.945root 11241100x8000000000000000655376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7459f00e1907f9d72021-12-21 12:21:14.945root 11241100x8000000000000000655377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4702a3b1bdd7371b2021-12-21 12:21:14.945root 11241100x8000000000000000655378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658eb5a2adc4012a2021-12-21 12:21:14.945root 11241100x8000000000000000655379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187ebc4a2b608eab2021-12-21 12:21:14.945root 11241100x8000000000000000655380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aead3217175a379b2021-12-21 12:21:14.946root 11241100x8000000000000000655381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867f72be4dc56e702021-12-21 12:21:14.946root 11241100x8000000000000000655382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82a5aafe01c5a182021-12-21 12:21:14.946root 11241100x8000000000000000655383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8249adf5a87a77d32021-12-21 12:21:14.946root 11241100x8000000000000000655384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208bef5c1a8731f52021-12-21 12:21:14.946root 11241100x8000000000000000655385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7e15f2191d78562021-12-21 12:21:14.946root 11241100x8000000000000000655386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e54180ddcf9ca12021-12-21 12:21:14.946root 11241100x8000000000000000655387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ee0adaa95f8a472021-12-21 12:21:14.946root 11241100x8000000000000000655388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984f7c9ef9a2ec362021-12-21 12:21:14.946root 11241100x8000000000000000655389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32b7393b2af0efd2021-12-21 12:21:14.947root 11241100x8000000000000000655390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0afef73843cc922021-12-21 12:21:14.947root 11241100x8000000000000000655391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14a0d8e40685f792021-12-21 12:21:14.947root 11241100x8000000000000000655392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccd0104bb721b272021-12-21 12:21:14.947root 11241100x8000000000000000655393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d50099256974d8f2021-12-21 12:21:14.947root 11241100x8000000000000000655394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f219bbc98183d02021-12-21 12:21:14.947root 11241100x8000000000000000655395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f1b81f3e8575842021-12-21 12:21:14.947root 11241100x8000000000000000655396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59b047adadf75a12021-12-21 12:21:14.947root 11241100x8000000000000000655397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a153c09cc109612021-12-21 12:21:14.948root 11241100x8000000000000000655398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5986c0028c70b52021-12-21 12:21:14.948root 11241100x8000000000000000655399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5edb25cf563b3772021-12-21 12:21:14.948root 354300x8000000000000000655400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.145{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49864-false10.0.1.12-8000- 11241100x8000000000000000655401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bd23266ba702672021-12-21 12:21:15.443root 11241100x8000000000000000655402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd477b3e9fd48e472021-12-21 12:21:15.443root 11241100x8000000000000000655403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db54ed0f252121ff2021-12-21 12:21:15.443root 11241100x8000000000000000655404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35039453a88d3f412021-12-21 12:21:15.444root 11241100x8000000000000000655405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cab2b7d5a361372021-12-21 12:21:15.444root 11241100x8000000000000000655406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69245be6edfe52ed2021-12-21 12:21:15.444root 11241100x8000000000000000655407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3f66641e732f422021-12-21 12:21:15.444root 11241100x8000000000000000655408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487592cc36e564fd2021-12-21 12:21:15.444root 11241100x8000000000000000655409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7883446d1260192021-12-21 12:21:15.444root 11241100x8000000000000000655410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc992ca909cbed22021-12-21 12:21:15.444root 11241100x8000000000000000655411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec23edd425f406d2021-12-21 12:21:15.444root 11241100x8000000000000000655412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0a54be770549cb2021-12-21 12:21:15.444root 11241100x8000000000000000655413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5d5e04499b97de2021-12-21 12:21:15.444root 11241100x8000000000000000655414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52be521da67206d2021-12-21 12:21:15.445root 11241100x8000000000000000655415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc09b37e87b2b752021-12-21 12:21:15.445root 11241100x8000000000000000655416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dec85b338a0483c2021-12-21 12:21:15.445root 11241100x8000000000000000655417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8338f47a47cb7d392021-12-21 12:21:15.445root 11241100x8000000000000000655418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c135dac4023484342021-12-21 12:21:15.445root 11241100x8000000000000000655419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e164dadfce4ed8e82021-12-21 12:21:15.446root 11241100x8000000000000000655420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b626877fd800503a2021-12-21 12:21:15.446root 11241100x8000000000000000655421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1d00cac92155b52021-12-21 12:21:15.447root 11241100x8000000000000000655422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710b1c2f26673ee72021-12-21 12:21:15.447root 11241100x8000000000000000655423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bd4062e63963ef2021-12-21 12:21:15.447root 11241100x8000000000000000655424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f80af6116dfc0712021-12-21 12:21:15.447root 11241100x8000000000000000655425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96eca0a2458ef6df2021-12-21 12:21:15.448root 11241100x8000000000000000655426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca36ec7f348b57922021-12-21 12:21:15.448root 11241100x8000000000000000655427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ef7e05fb3d1a112021-12-21 12:21:15.448root 11241100x8000000000000000655428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c456c6cd464e6f92021-12-21 12:21:15.448root 11241100x8000000000000000655429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b992b08c45a310872021-12-21 12:21:15.448root 11241100x8000000000000000655430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622994c3b2cf28722021-12-21 12:21:15.449root 11241100x8000000000000000655431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f611f87500bf90c22021-12-21 12:21:15.449root 11241100x8000000000000000655432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324f8425506f1f652021-12-21 12:21:15.449root 11241100x8000000000000000655433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf972111fd91483b2021-12-21 12:21:15.449root 11241100x8000000000000000655434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca5cd2f28cacffa2021-12-21 12:21:15.449root 11241100x8000000000000000655435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e631115d8ec110072021-12-21 12:21:15.450root 11241100x8000000000000000655436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf38c4807270d5d2021-12-21 12:21:15.450root 11241100x8000000000000000655437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9696ed4c2f59f32021-12-21 12:21:15.450root 11241100x8000000000000000655438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39f2954b5b118742021-12-21 12:21:15.450root 11241100x8000000000000000655439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecca5645f7e2d9942021-12-21 12:21:15.943root 11241100x8000000000000000655440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660ccb8abd5833582021-12-21 12:21:15.943root 11241100x8000000000000000655441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bdc9d2e95d12842021-12-21 12:21:15.943root 11241100x8000000000000000655442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37916cda7f4df5d82021-12-21 12:21:15.943root 11241100x8000000000000000655443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62546c3c72ea40cb2021-12-21 12:21:15.944root 11241100x8000000000000000655444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899ff9da9a92415b2021-12-21 12:21:15.944root 11241100x8000000000000000655445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df7d91678b2de0f2021-12-21 12:21:15.944root 11241100x8000000000000000655446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d8f58e6760ff3e2021-12-21 12:21:15.944root 11241100x8000000000000000655447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3eacc2073cb561d2021-12-21 12:21:15.944root 11241100x8000000000000000655448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0793d2c9ab413682021-12-21 12:21:15.944root 11241100x8000000000000000655449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a545240022e396482021-12-21 12:21:15.944root 11241100x8000000000000000655450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b5bc997e663c382021-12-21 12:21:15.944root 11241100x8000000000000000655451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471d9335b2f9f5fc2021-12-21 12:21:15.944root 11241100x8000000000000000655452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23874f249ee7cd3e2021-12-21 12:21:15.944root 11241100x8000000000000000655453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0850a5c5c4c075572021-12-21 12:21:15.944root 11241100x8000000000000000655454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50872fd469634d22021-12-21 12:21:15.944root 11241100x8000000000000000655455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d4282a72f2b3602021-12-21 12:21:15.944root 11241100x8000000000000000655456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6305f347003c6e02021-12-21 12:21:15.944root 11241100x8000000000000000655457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a30e286302aa6f2021-12-21 12:21:15.944root 11241100x8000000000000000655458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5950bc3716b4aebc2021-12-21 12:21:15.944root 11241100x8000000000000000655459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed1fa465eaaef442021-12-21 12:21:15.945root 11241100x8000000000000000655460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c64eeea101c4072021-12-21 12:21:15.945root 11241100x8000000000000000655461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314090bd8bdb0f412021-12-21 12:21:15.945root 11241100x8000000000000000655462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebafcac279a187c2021-12-21 12:21:15.945root 11241100x8000000000000000655463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc0ee66b568f4c82021-12-21 12:21:15.945root 11241100x8000000000000000655464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc3280712b560342021-12-21 12:21:15.945root 11241100x8000000000000000655465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95e9e34b308413d2021-12-21 12:21:15.945root 11241100x8000000000000000655466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a70bda2175a49812021-12-21 12:21:15.945root 11241100x8000000000000000655467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22bd9776b03f2b32021-12-21 12:21:15.945root 11241100x8000000000000000655468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1560e7c5521a012021-12-21 12:21:15.945root 11241100x8000000000000000655469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8100d5637eded0ce2021-12-21 12:21:15.945root 11241100x8000000000000000655470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92db31fd164698de2021-12-21 12:21:15.945root 11241100x8000000000000000655471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e16dde1ca0e4eb2021-12-21 12:21:15.945root 11241100x8000000000000000655472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35257f22bdf2b9362021-12-21 12:21:15.945root 11241100x8000000000000000655473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f954288660cc092021-12-21 12:21:15.945root 11241100x8000000000000000655474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343199eac385a8c32021-12-21 12:21:15.945root 11241100x8000000000000000655475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed74246219b0e0932021-12-21 12:21:15.945root 11241100x8000000000000000655476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c453b9734062e0e12021-12-21 12:21:15.946root 11241100x8000000000000000655477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e853972eb84a1492021-12-21 12:21:15.946root 11241100x8000000000000000655478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34842352ff322ce2021-12-21 12:21:15.946root 11241100x8000000000000000655479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343243a90edf725b2021-12-21 12:21:15.946root 11241100x8000000000000000655480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ca61667c7a4fae2021-12-21 12:21:15.946root 11241100x8000000000000000655481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34033245d669c352021-12-21 12:21:15.946root 11241100x8000000000000000655482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106afbbd9f38e8862021-12-21 12:21:15.946root 11241100x8000000000000000655483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfc767598e286ac2021-12-21 12:21:15.946root 11241100x8000000000000000655484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b189faf4b1814ca92021-12-21 12:21:15.946root 11241100x8000000000000000655485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea87773cd1084db62021-12-21 12:21:15.946root 11241100x8000000000000000655486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635029cf0ad7f6aa2021-12-21 12:21:15.946root 11241100x8000000000000000655487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d0dc8627016e142021-12-21 12:21:15.946root 11241100x8000000000000000655488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56de453f891dfb7b2021-12-21 12:21:15.946root 11241100x8000000000000000655489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be983db5db0897fd2021-12-21 12:21:16.443root 11241100x8000000000000000655490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf6f6123bed78312021-12-21 12:21:16.443root 11241100x8000000000000000655491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1e7dee6843305e2021-12-21 12:21:16.443root 11241100x8000000000000000655492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd72aca7a061e6e12021-12-21 12:21:16.443root 11241100x8000000000000000655493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20aeba9f96427a82021-12-21 12:21:16.443root 11241100x8000000000000000655494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a1926fce9669fb2021-12-21 12:21:16.444root 11241100x8000000000000000655495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39be6ae8f3faab72021-12-21 12:21:16.444root 11241100x8000000000000000655496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b08e7fca1880dd52021-12-21 12:21:16.444root 11241100x8000000000000000655497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e010b8de81d015702021-12-21 12:21:16.444root 11241100x8000000000000000655498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f0e759714b0e452021-12-21 12:21:16.444root 11241100x8000000000000000655499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f694fd19256d822021-12-21 12:21:16.444root 11241100x8000000000000000655500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fbe9d3e75c8dfb2021-12-21 12:21:16.444root 11241100x8000000000000000655501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2219487ca5af10a92021-12-21 12:21:16.444root 11241100x8000000000000000655502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aafc105e456b27c2021-12-21 12:21:16.444root 11241100x8000000000000000655503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d642e20f59f22b2021-12-21 12:21:16.444root 11241100x8000000000000000655504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9371d68d99ed67d2021-12-21 12:21:16.445root 11241100x8000000000000000655505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd26c6102d702292021-12-21 12:21:16.445root 11241100x8000000000000000655506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f307d41b2a3f91c92021-12-21 12:21:16.445root 11241100x8000000000000000655507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2302b2e90320132021-12-21 12:21:16.445root 11241100x8000000000000000655508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50fcb761cfe2c782021-12-21 12:21:16.445root 11241100x8000000000000000655509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f7fc09900b371a2021-12-21 12:21:16.445root 11241100x8000000000000000655510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30fe4413ebcc0bd2021-12-21 12:21:16.445root 11241100x8000000000000000655511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c74f5f9abd3d1a72021-12-21 12:21:16.445root 11241100x8000000000000000655512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e4b1f4fc9f47022021-12-21 12:21:16.445root 11241100x8000000000000000655513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde075517c8ef6b42021-12-21 12:21:16.445root 11241100x8000000000000000655514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f435984c27ab4e2c2021-12-21 12:21:16.446root 11241100x8000000000000000655515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94651ffee7713d482021-12-21 12:21:16.446root 11241100x8000000000000000655516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418e8d280efddb3d2021-12-21 12:21:16.446root 11241100x8000000000000000655517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7b2cdc23f2715c2021-12-21 12:21:16.446root 11241100x8000000000000000655518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9549f04f80f353862021-12-21 12:21:16.446root 11241100x8000000000000000655519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca862644d1b198ef2021-12-21 12:21:16.446root 11241100x8000000000000000655520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f6e3619d94e2562021-12-21 12:21:16.446root 11241100x8000000000000000655521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54c0581a0e606f52021-12-21 12:21:16.446root 11241100x8000000000000000655522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6040cef989f288e32021-12-21 12:21:16.446root 11241100x8000000000000000655523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f02037820282362021-12-21 12:21:16.446root 11241100x8000000000000000655524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d232604cff2d062f2021-12-21 12:21:16.446root 11241100x8000000000000000655525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f577f151bd1d6b2021-12-21 12:21:16.446root 11241100x8000000000000000655526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2d4fe880e4d1942021-12-21 12:21:16.446root 11241100x8000000000000000655527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413a08cf4ecfb0002021-12-21 12:21:16.446root 11241100x8000000000000000655528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b51549e09731f712021-12-21 12:21:16.446root 11241100x8000000000000000655529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae9f26aac7251432021-12-21 12:21:16.446root 11241100x8000000000000000655530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73addaa25376171f2021-12-21 12:21:16.447root 11241100x8000000000000000655531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89174707236c4acf2021-12-21 12:21:16.447root 11241100x8000000000000000655532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a12b379d7dc32ec2021-12-21 12:21:16.447root 11241100x8000000000000000655533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24301759b7f5cae82021-12-21 12:21:16.447root 11241100x8000000000000000655534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc167d303bd092ba2021-12-21 12:21:16.447root 11241100x8000000000000000655535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8995d141c38dc5e52021-12-21 12:21:16.447root 11241100x8000000000000000655536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6366645ea27da5f2021-12-21 12:21:16.447root 11241100x8000000000000000655537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd32411e2c29549e2021-12-21 12:21:16.447root 11241100x8000000000000000655538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a717ed0485c9227a2021-12-21 12:21:16.447root 11241100x8000000000000000655539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa0fba9c4ee7c562021-12-21 12:21:16.447root 11241100x8000000000000000655540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d64b7bfaba232d2021-12-21 12:21:16.449root 11241100x8000000000000000655541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b79421d9e5a90b02021-12-21 12:21:16.449root 11241100x8000000000000000655542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca3cdcdaeceee932021-12-21 12:21:16.943root 11241100x8000000000000000655543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932d899639049f332021-12-21 12:21:16.943root 11241100x8000000000000000655544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8e0c912ff0c1fa2021-12-21 12:21:16.943root 11241100x8000000000000000655545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065919000144f6922021-12-21 12:21:16.943root 11241100x8000000000000000655546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78e5c34716793822021-12-21 12:21:16.944root 11241100x8000000000000000655547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42d6f5f9e1242322021-12-21 12:21:16.944root 11241100x8000000000000000655548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d54dee6ed1977ff2021-12-21 12:21:16.944root 11241100x8000000000000000655549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156dbcb28130424e2021-12-21 12:21:16.944root 11241100x8000000000000000655550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b9f771615baf8a2021-12-21 12:21:16.944root 11241100x8000000000000000655551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a570edb0f1f6ed2021-12-21 12:21:16.944root 11241100x8000000000000000655552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ee469f5646385a2021-12-21 12:21:16.944root 11241100x8000000000000000655553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87aeb9ef89a887f62021-12-21 12:21:16.944root 11241100x8000000000000000655554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2ad9fa25a0c3a92021-12-21 12:21:16.944root 11241100x8000000000000000655555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7e899573e7d9582021-12-21 12:21:16.944root 11241100x8000000000000000655556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e118b98f7a1de12021-12-21 12:21:16.944root 11241100x8000000000000000655557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13fe0de004659242021-12-21 12:21:16.944root 11241100x8000000000000000655558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997ec0697f6f8df72021-12-21 12:21:16.945root 11241100x8000000000000000655559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9934f2545cb117b32021-12-21 12:21:16.945root 11241100x8000000000000000655560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3220d72aa1c5e02021-12-21 12:21:16.945root 11241100x8000000000000000655561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3248c2d7374f87322021-12-21 12:21:16.945root 11241100x8000000000000000655562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dadee2a36e875d92021-12-21 12:21:16.945root 11241100x8000000000000000655563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ec4612fd31aa182021-12-21 12:21:16.945root 11241100x8000000000000000655564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d61714861153eb72021-12-21 12:21:16.945root 11241100x8000000000000000655565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e583f137c90666f42021-12-21 12:21:16.945root 11241100x8000000000000000655566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c2d78d599cdef92021-12-21 12:21:16.945root 11241100x8000000000000000655567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784f3905c7d0e2742021-12-21 12:21:16.945root 11241100x8000000000000000655568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078fdb3c4bbdbc562021-12-21 12:21:16.945root 11241100x8000000000000000655569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b681d837f70fef5e2021-12-21 12:21:16.945root 11241100x8000000000000000655570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc1ffc8e131495c2021-12-21 12:21:16.945root 11241100x8000000000000000655571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117b5f04902830942021-12-21 12:21:16.946root 11241100x8000000000000000655572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d30615345959ea2021-12-21 12:21:16.946root 11241100x8000000000000000655573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031ceba669367feb2021-12-21 12:21:16.946root 11241100x8000000000000000655574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fc3f2b9983f3002021-12-21 12:21:16.946root 11241100x8000000000000000655575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267b3a7f3806ddb22021-12-21 12:21:16.946root 11241100x8000000000000000655576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7aadf5bd7fba5ef2021-12-21 12:21:16.946root 11241100x8000000000000000655577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c4e78cdbecf1642021-12-21 12:21:16.946root 11241100x8000000000000000655578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a3ec5ccb7dfeda2021-12-21 12:21:16.946root 11241100x8000000000000000655579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df749cf412c79a22021-12-21 12:21:17.443root 11241100x8000000000000000655580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37065335cd4f00672021-12-21 12:21:17.443root 11241100x8000000000000000655581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f1bec213988ee12021-12-21 12:21:17.443root 11241100x8000000000000000655582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e360aa86f7e0ba52021-12-21 12:21:17.443root 11241100x8000000000000000655583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15047f02a9732492021-12-21 12:21:17.444root 11241100x8000000000000000655584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206d307976b11a172021-12-21 12:21:17.444root 11241100x8000000000000000655585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fab470f30baa472021-12-21 12:21:17.444root 11241100x8000000000000000655586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d224f980bffb02b82021-12-21 12:21:17.444root 11241100x8000000000000000655587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494f134e419266062021-12-21 12:21:17.444root 11241100x8000000000000000655588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19932b2ac57bca9f2021-12-21 12:21:17.444root 11241100x8000000000000000655589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd2f1d719567c302021-12-21 12:21:17.444root 11241100x8000000000000000655590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b4ea90efe467a22021-12-21 12:21:17.444root 11241100x8000000000000000655591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5fdec10ad0535b2021-12-21 12:21:17.444root 11241100x8000000000000000655592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc46140e9ae2cff2021-12-21 12:21:17.444root 11241100x8000000000000000655593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3698e5678531712021-12-21 12:21:17.444root 11241100x8000000000000000655594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2433c6a95d985ba12021-12-21 12:21:17.444root 11241100x8000000000000000655595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51a9149a15505642021-12-21 12:21:17.444root 11241100x8000000000000000655596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5efe98e4b7834d42021-12-21 12:21:17.444root 11241100x8000000000000000655597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691cbdd5e1ed82f42021-12-21 12:21:17.445root 11241100x8000000000000000655598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1380de5629fc9d52021-12-21 12:21:17.445root 11241100x8000000000000000655599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a14cae87788c0852021-12-21 12:21:17.445root 11241100x8000000000000000655600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cca5b4e97dae2b2021-12-21 12:21:17.445root 11241100x8000000000000000655601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db07f1e9ebfcd8982021-12-21 12:21:17.445root 11241100x8000000000000000655602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447b68b3064d80b92021-12-21 12:21:17.445root 11241100x8000000000000000655603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d76827d25e96212021-12-21 12:21:17.445root 11241100x8000000000000000655604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447abf2579b9e9cd2021-12-21 12:21:17.445root 11241100x8000000000000000655605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd111bf25aa9ef362021-12-21 12:21:17.445root 11241100x8000000000000000655606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c378db32d7a1c32021-12-21 12:21:17.445root 11241100x8000000000000000655607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8747476e5658f2e2021-12-21 12:21:17.446root 11241100x8000000000000000655608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc70bd5fc43525cd2021-12-21 12:21:17.446root 11241100x8000000000000000655609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7255088a3fe5a8252021-12-21 12:21:17.446root 11241100x8000000000000000655610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c5728f971f30372021-12-21 12:21:17.446root 11241100x8000000000000000655611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d575865c35b1c9f2021-12-21 12:21:17.446root 11241100x8000000000000000655612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58d5a8d3ca0309a2021-12-21 12:21:17.446root 11241100x8000000000000000655613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e3785a184f8b902021-12-21 12:21:17.446root 11241100x8000000000000000655614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571b35b37f94d0ad2021-12-21 12:21:17.446root 11241100x8000000000000000655615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cad2f9cec9ca2a2021-12-21 12:21:17.943root 11241100x8000000000000000655616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13065fe566aa49e82021-12-21 12:21:17.943root 11241100x8000000000000000655617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa87127397f7ba792021-12-21 12:21:17.943root 11241100x8000000000000000655618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004d536e5d7d66952021-12-21 12:21:17.944root 11241100x8000000000000000655619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f6ac895dcb478f2021-12-21 12:21:17.944root 11241100x8000000000000000655620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255e5ee584f4193c2021-12-21 12:21:17.944root 11241100x8000000000000000655621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eac45baa1dbcff2021-12-21 12:21:17.944root 11241100x8000000000000000655622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54345162194b2ad32021-12-21 12:21:17.944root 11241100x8000000000000000655623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0598ac7b82a5ee72021-12-21 12:21:17.944root 11241100x8000000000000000655624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40d9a5a93efcdb22021-12-21 12:21:17.944root 11241100x8000000000000000655625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58998b6c9e49dbac2021-12-21 12:21:17.944root 11241100x8000000000000000655626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2219e54ecc762ee02021-12-21 12:21:17.944root 11241100x8000000000000000655627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532b9e26235a1bae2021-12-21 12:21:17.944root 11241100x8000000000000000655628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029683dc0f4ce30a2021-12-21 12:21:17.944root 11241100x8000000000000000655629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f393e084f9c176c2021-12-21 12:21:17.944root 11241100x8000000000000000655630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d2ba58176a6e432021-12-21 12:21:17.944root 11241100x8000000000000000655631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3f788fd7409bd02021-12-21 12:21:17.945root 11241100x8000000000000000655632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5bff568cdab4402021-12-21 12:21:17.945root 11241100x8000000000000000655633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bde815bd0beb4922021-12-21 12:21:17.945root 11241100x8000000000000000655634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4745fb03dd8416c22021-12-21 12:21:17.945root 11241100x8000000000000000655635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e607fbe50785342021-12-21 12:21:17.945root 11241100x8000000000000000655636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3454f1452bf8d7622021-12-21 12:21:17.945root 11241100x8000000000000000655637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4775ed78545133e82021-12-21 12:21:17.945root 11241100x8000000000000000655638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72afa92ce6de57c02021-12-21 12:21:17.945root 11241100x8000000000000000655639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bef18b923f954e2021-12-21 12:21:17.945root 11241100x8000000000000000655640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc28e1e10d493562021-12-21 12:21:17.945root 11241100x8000000000000000655641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231bbf1faf66ef802021-12-21 12:21:17.945root 11241100x8000000000000000655642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd60630ead6afa282021-12-21 12:21:17.945root 11241100x8000000000000000655643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8df34c9f32a37192021-12-21 12:21:17.945root 11241100x8000000000000000655644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602fe99058677d212021-12-21 12:21:17.946root 11241100x8000000000000000655645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c0e5a45f70c2532021-12-21 12:21:17.946root 11241100x8000000000000000655646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200d986a0eccd06a2021-12-21 12:21:17.946root 11241100x8000000000000000655647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f121a8bb6e8d34912021-12-21 12:21:17.946root 11241100x8000000000000000655648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de777b7639be0f52021-12-21 12:21:17.946root 11241100x8000000000000000655649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6cd59a1afe6f462021-12-21 12:21:17.946root 11241100x8000000000000000655650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2504e8c0fd748f2021-12-21 12:21:17.946root 11241100x8000000000000000655651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363313318231e1942021-12-21 12:21:17.946root 11241100x8000000000000000655652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e91a9eecd5d96462021-12-21 12:21:17.947root 11241100x8000000000000000655653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cefc2b4c094c8942021-12-21 12:21:17.947root 11241100x8000000000000000655654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80631ed47e05bb72021-12-21 12:21:17.947root 11241100x8000000000000000655655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190639626d90d4f12021-12-21 12:21:17.947root 11241100x8000000000000000655656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd69f9d4bb1c6a22021-12-21 12:21:17.947root 11241100x8000000000000000655657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485cf004202ea4302021-12-21 12:21:17.947root 11241100x8000000000000000655658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949a3ed3ab8529b42021-12-21 12:21:17.947root 11241100x8000000000000000655659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbe18d4ca4136642021-12-21 12:21:17.947root 11241100x8000000000000000655660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14763ee3bd5105c62021-12-21 12:21:17.947root 11241100x8000000000000000655661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6550aabb595238a2021-12-21 12:21:17.947root 11241100x8000000000000000655662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5a0bb2ec3ff3312021-12-21 12:21:17.947root 11241100x8000000000000000655663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9537d50e6e3ff5b82021-12-21 12:21:17.947root 11241100x8000000000000000655664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b7c4ff35f391c22021-12-21 12:21:17.947root 11241100x8000000000000000655665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3471d6e3077974342021-12-21 12:21:17.947root 11241100x8000000000000000655666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cd17060ee83e512021-12-21 12:21:18.443root 11241100x8000000000000000655667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d3764119ebd7fb2021-12-21 12:21:18.443root 11241100x8000000000000000655668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9d5d2d3096a4772021-12-21 12:21:18.443root 11241100x8000000000000000655669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e50d46650f1d282021-12-21 12:21:18.443root 11241100x8000000000000000655670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a358dbf0086b2fb2021-12-21 12:21:18.443root 11241100x8000000000000000655671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad932697f4e9672f2021-12-21 12:21:18.443root 11241100x8000000000000000655672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0745ee8431d7741e2021-12-21 12:21:18.443root 11241100x8000000000000000655673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72626a5a14507352021-12-21 12:21:18.443root 11241100x8000000000000000655674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df687e9e4581be182021-12-21 12:21:18.443root 11241100x8000000000000000655675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65699991e47c704d2021-12-21 12:21:18.444root 11241100x8000000000000000655676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8112aff6537d9c2021-12-21 12:21:18.444root 11241100x8000000000000000655677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5007f0fb3fb1cfc72021-12-21 12:21:18.444root 11241100x8000000000000000655678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301b875e3a6940c52021-12-21 12:21:18.444root 11241100x8000000000000000655679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb4bbd6a3da54482021-12-21 12:21:18.444root 11241100x8000000000000000655680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dedb8df74ea2f0b2021-12-21 12:21:18.444root 11241100x8000000000000000655681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98eb0de33b7b469a2021-12-21 12:21:18.444root 11241100x8000000000000000655682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54abcfab14dc4772021-12-21 12:21:18.444root 11241100x8000000000000000655683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae9da5e3fc849012021-12-21 12:21:18.444root 11241100x8000000000000000655684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352c47b54d48163a2021-12-21 12:21:18.444root 11241100x8000000000000000655685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2d1698f774f40d2021-12-21 12:21:18.444root 11241100x8000000000000000655686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cb5590ad4bc0522021-12-21 12:21:18.445root 11241100x8000000000000000655687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606a542d21be587e2021-12-21 12:21:18.445root 11241100x8000000000000000655688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e426df2878a1ed4f2021-12-21 12:21:18.445root 11241100x8000000000000000655689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdfa602c5a368d92021-12-21 12:21:18.445root 11241100x8000000000000000655690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b0eb546358505b2021-12-21 12:21:18.445root 11241100x8000000000000000655691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdd2e72a3b286142021-12-21 12:21:18.445root 11241100x8000000000000000655692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0eefa129c7926a2021-12-21 12:21:18.445root 11241100x8000000000000000655693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfa8b48c7ea12f52021-12-21 12:21:18.445root 11241100x8000000000000000655694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613e5d5f2fcdef342021-12-21 12:21:18.445root 11241100x8000000000000000655695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3844362437c816762021-12-21 12:21:18.445root 11241100x8000000000000000655696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c22c564cc697ca2021-12-21 12:21:18.445root 11241100x8000000000000000655697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9e03ac380fcb512021-12-21 12:21:18.446root 11241100x8000000000000000655698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fec9959eabf01a2021-12-21 12:21:18.446root 11241100x8000000000000000655699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01bfe7eaadd75922021-12-21 12:21:18.446root 11241100x8000000000000000655700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bded56fded9d8b2021-12-21 12:21:18.446root 11241100x8000000000000000655701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b94864c61dc62e52021-12-21 12:21:18.446root 11241100x8000000000000000655702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68926fc3562ab6e22021-12-21 12:21:18.446root 11241100x8000000000000000655703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5d74207bfd1aa72021-12-21 12:21:18.446root 11241100x8000000000000000655704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f38ebe319a5eede2021-12-21 12:21:18.446root 11241100x8000000000000000655705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d42ecdc344c87862021-12-21 12:21:18.446root 11241100x8000000000000000655706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4be4d10ec278e42021-12-21 12:21:18.447root 11241100x8000000000000000655707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ba36d9f8ca02612021-12-21 12:21:18.447root 11241100x8000000000000000655708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5549e8f188bbe9a2021-12-21 12:21:18.447root 11241100x8000000000000000655709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6eb6f89fc39c0732021-12-21 12:21:18.447root 11241100x8000000000000000655710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969bd2fc482c867b2021-12-21 12:21:18.447root 11241100x8000000000000000655711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac62a07ffbdb78f2021-12-21 12:21:18.447root 11241100x8000000000000000655712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c3c10d1a1f49422021-12-21 12:21:18.447root 11241100x8000000000000000655713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6bd53fca55da2d2021-12-21 12:21:18.448root 11241100x8000000000000000655714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf846c840c168942021-12-21 12:21:18.448root 11241100x8000000000000000655715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1377dfcb79d615032021-12-21 12:21:18.448root 11241100x8000000000000000655716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605e36fa964e9dd02021-12-21 12:21:18.448root 11241100x8000000000000000655717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0678e1ce45cfcf82021-12-21 12:21:18.448root 11241100x8000000000000000655718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5730b0f344cecb372021-12-21 12:21:18.448root 354300x8000000000000000655755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:20.176{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49866-false10.0.1.12-8000- 11241100x8000000000000000655756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:20.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ac5c88ad8aefb32021-12-21 12:21:20.442root 11241100x8000000000000000655757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:20.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d150c8e7938eef2021-12-21 12:21:20.942root 11241100x8000000000000000655758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5317c1e0b33034e2021-12-21 12:21:21.444root 11241100x8000000000000000655759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:21.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dfd1c62070dc022021-12-21 12:21:21.942root 11241100x8000000000000000655760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:22.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a744a305e7c16c2021-12-21 12:21:22.442root 11241100x8000000000000000655761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:22.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a4940d216f8b862021-12-21 12:21:22.942root 11241100x8000000000000000655762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:23.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fc452d66fb24492021-12-21 12:21:23.442root 11241100x8000000000000000655763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:23.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbbace22665a0032021-12-21 12:21:23.942root 11241100x8000000000000000655764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:24.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f96e35538b301b92021-12-21 12:21:24.442root 11241100x8000000000000000655765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:24.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40697617c045a4e82021-12-21 12:21:24.942root 11241100x8000000000000000655766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:25.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da97434e7fa99252021-12-21 12:21:25.442root 354300x8000000000000000655767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:25.791{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-36932-false10.0.1.12-8089- 11241100x8000000000000000655768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:25.791{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc887cca3b8af792021-12-21 12:21:25.791root 354300x8000000000000000655769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.097{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49870-false10.0.1.12-8000- 11241100x8000000000000000655770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cff81423d4bddb2021-12-21 12:21:26.097root 11241100x8000000000000000655771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcbdf440f9897c82021-12-21 12:21:26.097root 11241100x8000000000000000655772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe1fd25af9f7e4a2021-12-21 12:21:26.442root 11241100x8000000000000000655773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45873eb78a372cb2021-12-21 12:21:26.443root 11241100x8000000000000000655774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02f5cdd07d641942021-12-21 12:21:26.443root 11241100x8000000000000000655775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1ce84657e5e2bb2021-12-21 12:21:26.942root 11241100x8000000000000000655776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa123d534651dde2021-12-21 12:21:26.943root 11241100x8000000000000000655777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d377b33ff158b92021-12-21 12:21:26.943root 11241100x8000000000000000655778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:27.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16484c84cb2dce902021-12-21 12:21:27.442root 11241100x8000000000000000655779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7fe340b26e3a362021-12-21 12:21:27.443root 11241100x8000000000000000655780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4c368f7620d8392021-12-21 12:21:27.443root 11241100x8000000000000000655781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:27.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746a819a132b2ca62021-12-21 12:21:27.942root 11241100x8000000000000000655782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8d55bece4ca3b32021-12-21 12:21:27.943root 11241100x8000000000000000655783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b7caa585e5b3142021-12-21 12:21:27.943root 11241100x8000000000000000655784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752b2753057355b42021-12-21 12:21:28.443root 11241100x8000000000000000655785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65087bc602276f3b2021-12-21 12:21:28.443root 11241100x8000000000000000655786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c04b8c7ddf8ffa2021-12-21 12:21:28.443root 11241100x8000000000000000655787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a5e9d30e067f102021-12-21 12:21:28.943root 11241100x8000000000000000655788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a6b2375dbbf2c22021-12-21 12:21:28.943root 11241100x8000000000000000655789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf26bc9caf3529c52021-12-21 12:21:28.943root 11241100x8000000000000000655790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:29.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a7cb295b0f0fdc2021-12-21 12:21:29.442root 11241100x8000000000000000655791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b94b171f210c7d2021-12-21 12:21:29.443root 11241100x8000000000000000655792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58cc46e7aab49522021-12-21 12:21:29.443root 11241100x8000000000000000655793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:29.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be778f38ce8f5b8d2021-12-21 12:21:29.942root 11241100x8000000000000000655794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045cb7f7bef269fd2021-12-21 12:21:29.943root 11241100x8000000000000000655795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8865a37cad47762021-12-21 12:21:29.943root 11241100x8000000000000000655796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:30.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47fa7e594623c222021-12-21 12:21:30.442root 11241100x8000000000000000655797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fced8ae3d75fae2021-12-21 12:21:30.443root 11241100x8000000000000000655798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ad3adbb7c3bc622021-12-21 12:21:30.443root 11241100x8000000000000000655799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:30.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ca641094c081c12021-12-21 12:21:30.942root 11241100x8000000000000000655800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404f1bcc48f6fa592021-12-21 12:21:30.943root 11241100x8000000000000000655801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac59126839dabb5e2021-12-21 12:21:30.943root 354300x8000000000000000655802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.182{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49872-false10.0.1.12-8000- 11241100x8000000000000000655803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b749ef0dbe0663782021-12-21 12:21:31.443root 11241100x8000000000000000655804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138ef3a117af31ff2021-12-21 12:21:31.443root 11241100x8000000000000000655805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d6585c64e0fb332021-12-21 12:21:31.443root 11241100x8000000000000000655806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d842aba161bab02021-12-21 12:21:31.443root 11241100x8000000000000000655807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897528af1cf1081c2021-12-21 12:21:31.942root 11241100x8000000000000000655808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a6a11e6d82a5f42021-12-21 12:21:31.943root 11241100x8000000000000000655809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea32cb45c9edb822021-12-21 12:21:31.943root 11241100x8000000000000000655810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8025084cdd2032a2021-12-21 12:21:31.943root 11241100x8000000000000000655811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:32.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e935e45d88b7812021-12-21 12:21:32.442root 11241100x8000000000000000655812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067ae9f435eb0ca82021-12-21 12:21:32.443root 11241100x8000000000000000655813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ebbe986f36909c2021-12-21 12:21:32.443root 11241100x8000000000000000655814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790785dd48645ca52021-12-21 12:21:32.443root 11241100x8000000000000000655815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:32.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd0df0636dba1122021-12-21 12:21:32.942root 11241100x8000000000000000655816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399615497c009e442021-12-21 12:21:32.943root 11241100x8000000000000000655817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d260e5a5c1a08b2021-12-21 12:21:32.943root 11241100x8000000000000000655818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cac7e0efde750092021-12-21 12:21:32.943root 11241100x8000000000000000655819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:33.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a661409dc2ab252021-12-21 12:21:33.442root 11241100x8000000000000000655820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f949ab53c6c0ace02021-12-21 12:21:33.443root 11241100x8000000000000000655821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e33149f6791c7a82021-12-21 12:21:33.443root 11241100x8000000000000000655822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21d76cb5b4b49512021-12-21 12:21:33.443root 11241100x8000000000000000655823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:33.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed88ea5b4e148922021-12-21 12:21:33.942root 11241100x8000000000000000655824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70aba20c2d436a322021-12-21 12:21:33.943root 11241100x8000000000000000655825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd0afb9415797792021-12-21 12:21:33.943root 11241100x8000000000000000655826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5130df3e9d80ed532021-12-21 12:21:33.943root 11241100x8000000000000000655827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:34.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1287be6457049a732021-12-21 12:21:34.442root 11241100x8000000000000000655828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b37ee2e499bdec62021-12-21 12:21:34.443root 11241100x8000000000000000655829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea7ec5a16509b2a2021-12-21 12:21:34.443root 11241100x8000000000000000655830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8fb897e37544802021-12-21 12:21:34.443root 11241100x8000000000000000655831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:34.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91563f6aebe907b72021-12-21 12:21:34.942root 11241100x8000000000000000655832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae1903049a280832021-12-21 12:21:34.943root 11241100x8000000000000000655833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a930e416f45056ef2021-12-21 12:21:34.943root 11241100x8000000000000000655834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a722de49bce63ef2021-12-21 12:21:34.943root 11241100x8000000000000000655835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:35.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185124731126828a2021-12-21 12:21:35.442root 11241100x8000000000000000655836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99faf9439ff40ad92021-12-21 12:21:35.443root 11241100x8000000000000000655837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7c40856f8c53ed2021-12-21 12:21:35.443root 11241100x8000000000000000655838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e727edf225e92d2021-12-21 12:21:35.443root 11241100x8000000000000000655839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:35.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040eef4b64c070ed2021-12-21 12:21:35.942root 11241100x8000000000000000655840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80ef59b870332fa2021-12-21 12:21:35.943root 11241100x8000000000000000655841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3095b3a3edc8b52021-12-21 12:21:35.943root 11241100x8000000000000000655842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e511b064f733152021-12-21 12:21:35.943root 11241100x8000000000000000655843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:21:36.142root 11241100x8000000000000000655844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72acdbb766e642f42021-12-21 12:21:36.443root 11241100x8000000000000000655845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740ce0b5e14a5cec2021-12-21 12:21:36.443root 11241100x8000000000000000655846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c60df6709b2347b2021-12-21 12:21:36.443root 11241100x8000000000000000655847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca070f47158288c2021-12-21 12:21:36.443root 11241100x8000000000000000655848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a3eb82b1bc6a5f2021-12-21 12:21:36.443root 11241100x8000000000000000655849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98b1f7d0971e7372021-12-21 12:21:36.943root 11241100x8000000000000000655850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7d9226521378fb2021-12-21 12:21:36.943root 11241100x8000000000000000655851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6288855fac0836cd2021-12-21 12:21:36.943root 11241100x8000000000000000655852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a73f4b7e7f07a902021-12-21 12:21:36.943root 11241100x8000000000000000655853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4933a2ae69385f3b2021-12-21 12:21:36.943root 354300x8000000000000000655854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.055{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49874-false10.0.1.12-8000- 11241100x8000000000000000655855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8a28dc9bc220032021-12-21 12:21:37.443root 11241100x8000000000000000655856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294022f3b92aa9ae2021-12-21 12:21:37.443root 11241100x8000000000000000655857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f292cddb34b1b2c82021-12-21 12:21:37.443root 11241100x8000000000000000655858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714c50cb327397bf2021-12-21 12:21:37.443root 11241100x8000000000000000655859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0911504601360b2021-12-21 12:21:37.443root 11241100x8000000000000000655860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8770959c38424ad2021-12-21 12:21:37.443root 11241100x8000000000000000655861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d01713b1c4e35e2021-12-21 12:21:37.943root 11241100x8000000000000000655862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871c45be059b72882021-12-21 12:21:37.943root 11241100x8000000000000000655863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fb870b1eaed9132021-12-21 12:21:37.943root 11241100x8000000000000000655864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776ec49af2c8fad22021-12-21 12:21:37.943root 11241100x8000000000000000655865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c3c1bc478013442021-12-21 12:21:37.943root 11241100x8000000000000000655866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10db50fbf171fdd22021-12-21 12:21:37.943root 11241100x8000000000000000655867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d453f2c401cbfc2a2021-12-21 12:21:38.443root 11241100x8000000000000000655868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f826094be78a832021-12-21 12:21:38.443root 11241100x8000000000000000655869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08741949f2c0389b2021-12-21 12:21:38.443root 11241100x8000000000000000655870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd074d37905c94e2021-12-21 12:21:38.443root 11241100x8000000000000000655871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbaa22b14b2ec7342021-12-21 12:21:38.443root 11241100x8000000000000000655872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fc8d9ac77595892021-12-21 12:21:38.443root 11241100x8000000000000000655873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627ea7e170e9edb62021-12-21 12:21:38.943root 11241100x8000000000000000655874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f4c7d59e1ce6762021-12-21 12:21:38.943root 11241100x8000000000000000655875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0671789133f6572021-12-21 12:21:38.943root 11241100x8000000000000000655876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089a2b81bbb7d22c2021-12-21 12:21:38.943root 11241100x8000000000000000655877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954d1cb435071a092021-12-21 12:21:38.943root 11241100x8000000000000000655878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acacd1e6162445dc2021-12-21 12:21:38.943root 23542300x8000000000000000655879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.051{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000655880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1434171db92993952021-12-21 12:21:39.443root 11241100x8000000000000000655881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bc3c07d3318a3a2021-12-21 12:21:39.443root 11241100x8000000000000000655882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafa36dfa842b8f92021-12-21 12:21:39.443root 11241100x8000000000000000655883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aaea3aafe94d6ea2021-12-21 12:21:39.443root 11241100x8000000000000000655884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a62bbfe1f209ba42021-12-21 12:21:39.443root 11241100x8000000000000000655885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6edd3beb5fb7e532021-12-21 12:21:39.443root 11241100x8000000000000000655886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409b5c086f31e5772021-12-21 12:21:39.443root 11241100x8000000000000000655887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e246e0223a9d82632021-12-21 12:21:39.943root 11241100x8000000000000000655888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6ff8076e334ca82021-12-21 12:21:39.943root 11241100x8000000000000000655889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c889e7252eea6d212021-12-21 12:21:39.943root 11241100x8000000000000000655890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4183153a5eaf6f2021-12-21 12:21:39.943root 11241100x8000000000000000655891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627f1973fb5768d82021-12-21 12:21:39.943root 11241100x8000000000000000655892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fc1ee2aa1e683a2021-12-21 12:21:39.943root 11241100x8000000000000000655893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba4df23655478542021-12-21 12:21:39.943root 11241100x8000000000000000655894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302c0efafbb26c3f2021-12-21 12:21:40.443root 11241100x8000000000000000655895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da936f93548269d12021-12-21 12:21:40.443root 11241100x8000000000000000655896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f77a5687efc0d1f2021-12-21 12:21:40.443root 11241100x8000000000000000655897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522ed9bdbda1a2b92021-12-21 12:21:40.443root 11241100x8000000000000000655898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4529110ed98412e52021-12-21 12:21:40.443root 11241100x8000000000000000655899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2756bb42994c65ed2021-12-21 12:21:40.443root 11241100x8000000000000000655900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf82944c83fd4ac2021-12-21 12:21:40.443root 11241100x8000000000000000655901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd63cc67b57ed2c72021-12-21 12:21:40.943root 11241100x8000000000000000655902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d19a41ae42b9c1c2021-12-21 12:21:40.943root 11241100x8000000000000000655903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb4837f69a8de282021-12-21 12:21:40.943root 11241100x8000000000000000655904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67100d50cbb38e9f2021-12-21 12:21:40.943root 11241100x8000000000000000655905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e4b625253ee4cb2021-12-21 12:21:40.943root 11241100x8000000000000000655906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8b6767c93db1c82021-12-21 12:21:40.943root 11241100x8000000000000000655907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8bada7a04f202d2021-12-21 12:21:40.943root 11241100x8000000000000000655908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d8a4d7e76c6fff2021-12-21 12:21:41.443root 11241100x8000000000000000655909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48678a610fa386502021-12-21 12:21:41.443root 11241100x8000000000000000655910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1f6a3d6c6979532021-12-21 12:21:41.443root 11241100x8000000000000000655911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e17d8ac51ba4772021-12-21 12:21:41.443root 11241100x8000000000000000655912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4b51615e33f5aa2021-12-21 12:21:41.443root 11241100x8000000000000000655913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98164729288e0e72021-12-21 12:21:41.443root 11241100x8000000000000000655914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6091f90323d6d9512021-12-21 12:21:41.443root 11241100x8000000000000000655915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af68eca7fcbcd8ee2021-12-21 12:21:41.943root 11241100x8000000000000000655916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942d6a4b744e3b672021-12-21 12:21:41.943root 11241100x8000000000000000655917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8180bcaf1a102d202021-12-21 12:21:41.943root 11241100x8000000000000000655918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f8311a63243e3f2021-12-21 12:21:41.943root 11241100x8000000000000000655919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfd54a82fc90eff2021-12-21 12:21:41.943root 11241100x8000000000000000655920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67931281d344e1d32021-12-21 12:21:41.943root 11241100x8000000000000000655921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a6af2f38d444392021-12-21 12:21:41.943root 354300x8000000000000000655922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.073{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49876-false10.0.1.12-8000- 11241100x8000000000000000655923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc6b8bb10a503ff2021-12-21 12:21:42.443root 11241100x8000000000000000655924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea87b187c374aea12021-12-21 12:21:42.443root 11241100x8000000000000000655925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c32e1ab943c3bff2021-12-21 12:21:42.443root 11241100x8000000000000000655926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182231870b287ee22021-12-21 12:21:42.443root 11241100x8000000000000000655927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d508161c66d6470c2021-12-21 12:21:42.444root 11241100x8000000000000000655928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4888f065e5d3182021-12-21 12:21:42.444root 11241100x8000000000000000655929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08524f784738b7762021-12-21 12:21:42.444root 11241100x8000000000000000655930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e2c494c6aa5c292021-12-21 12:21:42.444root 11241100x8000000000000000655931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf47e41238825f02021-12-21 12:21:42.943root 11241100x8000000000000000655932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d8bfe652eae92a2021-12-21 12:21:42.943root 11241100x8000000000000000655933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227631791197a1a52021-12-21 12:21:42.943root 11241100x8000000000000000655934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec701f46dddccd52021-12-21 12:21:42.943root 11241100x8000000000000000655935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cdace8060ddb502021-12-21 12:21:42.943root 11241100x8000000000000000655936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f688327ff5eb17b2021-12-21 12:21:42.943root 11241100x8000000000000000655937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c889c5896be15a562021-12-21 12:21:42.943root 11241100x8000000000000000655938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0407ea50717f70ba2021-12-21 12:21:42.943root 11241100x8000000000000000655939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d763e17011feddb42021-12-21 12:21:43.443root 11241100x8000000000000000655940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c811ee1f25caa93a2021-12-21 12:21:43.443root 11241100x8000000000000000655941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4068bbaa27f037022021-12-21 12:21:43.443root 11241100x8000000000000000655942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b676bbeb99dc922021-12-21 12:21:43.444root 11241100x8000000000000000655943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7956dc3bf80b7c12021-12-21 12:21:43.444root 11241100x8000000000000000655944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06642704cc0992ca2021-12-21 12:21:43.445root 11241100x8000000000000000655945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c4d40b1f01211d2021-12-21 12:21:43.446root 11241100x8000000000000000655946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896782499ccf7f842021-12-21 12:21:43.446root 11241100x8000000000000000655947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b10d3de701c5c572021-12-21 12:21:43.943root 11241100x8000000000000000655948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ecc846aa3ef3562021-12-21 12:21:43.943root 11241100x8000000000000000655949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fe9da4bd34f4b42021-12-21 12:21:43.943root 11241100x8000000000000000655950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb80d821c9b46722021-12-21 12:21:43.943root 11241100x8000000000000000655951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6978ea8f40ac4e2e2021-12-21 12:21:43.943root 11241100x8000000000000000655952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c78067e73f8af02021-12-21 12:21:43.943root 11241100x8000000000000000655953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6e2a3f0ee12d8f2021-12-21 12:21:43.943root 11241100x8000000000000000655954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b5e89c192ed76b2021-12-21 12:21:43.943root 11241100x8000000000000000655955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f9fd2f5cd789492021-12-21 12:21:44.443root 11241100x8000000000000000655956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63a3bdd183b83c82021-12-21 12:21:44.443root 11241100x8000000000000000655957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b850d35652e9fd32021-12-21 12:21:44.443root 11241100x8000000000000000655958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410ef6d2fe69780e2021-12-21 12:21:44.444root 11241100x8000000000000000655959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4a3215d01e2d2b2021-12-21 12:21:44.444root 11241100x8000000000000000655960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66a92a7d8ddc4312021-12-21 12:21:44.444root 11241100x8000000000000000655961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20eaf7a66fd63ee2021-12-21 12:21:44.445root 11241100x8000000000000000655962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02fce3b1df68af52021-12-21 12:21:44.445root 11241100x8000000000000000655963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd77df28bc8de8b2021-12-21 12:21:44.943root 11241100x8000000000000000655964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db477406c9fe10932021-12-21 12:21:44.943root 11241100x8000000000000000655965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be68b9d35fe9c692021-12-21 12:21:44.943root 11241100x8000000000000000655966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076ec1a5ff4e68b52021-12-21 12:21:44.943root 11241100x8000000000000000655967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3116f337527dfcb82021-12-21 12:21:44.943root 11241100x8000000000000000655968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acdf671acfb3d8d2021-12-21 12:21:44.943root 11241100x8000000000000000655969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b87a2e85dc74cc2021-12-21 12:21:44.943root 11241100x8000000000000000655970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e9b2c1e175d99a2021-12-21 12:21:44.944root 11241100x8000000000000000655971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458ab2182a3fcb0c2021-12-21 12:21:45.443root 11241100x8000000000000000655972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cdfe73e67100612021-12-21 12:21:45.443root 11241100x8000000000000000655973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7daa5617f1f6102021-12-21 12:21:45.443root 11241100x8000000000000000655974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92af2f794a9bfb512021-12-21 12:21:45.443root 11241100x8000000000000000655975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135e1d0225f870a32021-12-21 12:21:45.443root 11241100x8000000000000000655976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ba7ae1c4e958c72021-12-21 12:21:45.443root 11241100x8000000000000000655977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e8b339c4a9241a2021-12-21 12:21:45.444root 11241100x8000000000000000655978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1a4fcfc0b2c6f42021-12-21 12:21:45.444root 11241100x8000000000000000655979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f49afa2169e1d4a2021-12-21 12:21:45.942root 11241100x8000000000000000655980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58ee5d8f96bd8d32021-12-21 12:21:45.943root 11241100x8000000000000000655981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f91e9499a6f1f72021-12-21 12:21:45.943root 11241100x8000000000000000655982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5919d1e21e498cba2021-12-21 12:21:45.943root 11241100x8000000000000000655983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e788011effa18c2021-12-21 12:21:45.943root 11241100x8000000000000000655984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66caecc2ca129d852021-12-21 12:21:45.943root 11241100x8000000000000000655985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfc7c1dbb9e036a2021-12-21 12:21:45.943root 11241100x8000000000000000655986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93f257bf8ef4c742021-12-21 12:21:45.944root 11241100x8000000000000000655987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815df9aa94cf133a2021-12-21 12:21:46.443root 11241100x8000000000000000655988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1d8e5fb4ed96a32021-12-21 12:21:46.443root 11241100x8000000000000000655989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719eb1ae26aea73f2021-12-21 12:21:46.443root 11241100x8000000000000000655990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659709c5bc8a65512021-12-21 12:21:46.444root 11241100x8000000000000000655991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa07afe8315ac6b42021-12-21 12:21:46.444root 11241100x8000000000000000655992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918305f28219a0c72021-12-21 12:21:46.444root 11241100x8000000000000000655993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2df7f99c3854cd2021-12-21 12:21:46.444root 11241100x8000000000000000655994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5234ecb61c7f68312021-12-21 12:21:46.444root 11241100x8000000000000000655995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118d8637ddd4411a2021-12-21 12:21:46.943root 11241100x8000000000000000655996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ede892eed7411992021-12-21 12:21:46.943root 11241100x8000000000000000655997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb77cf02d65141412021-12-21 12:21:46.943root 11241100x8000000000000000655998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfce9d03059a6812021-12-21 12:21:46.943root 11241100x8000000000000000655999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a68694e28f42ea2021-12-21 12:21:46.943root 11241100x8000000000000000656000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4183e3f0f9e02a012021-12-21 12:21:46.944root 11241100x8000000000000000656001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075822b83872baa72021-12-21 12:21:46.944root 11241100x8000000000000000656002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f281459bdfd2fee2021-12-21 12:21:46.944root 354300x8000000000000000656003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.256{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49878-false10.0.1.12-8000- 11241100x8000000000000000656004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ff6c8cbb7939592021-12-21 12:21:47.257root 11241100x8000000000000000656005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9a8f72d523ab262021-12-21 12:21:47.257root 11241100x8000000000000000656006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f2755818c799622021-12-21 12:21:47.257root 11241100x8000000000000000656007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1997a2468736d7382021-12-21 12:21:47.257root 11241100x8000000000000000656008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754bbd6177de2fea2021-12-21 12:21:47.257root 11241100x8000000000000000656009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc4799903731c552021-12-21 12:21:47.257root 11241100x8000000000000000656010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44720d551bea9e652021-12-21 12:21:47.257root 11241100x8000000000000000656011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d9c20a9c3b9ed02021-12-21 12:21:47.257root 11241100x8000000000000000656012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a42a97ab4cf77ce2021-12-21 12:21:47.258root 11241100x8000000000000000656013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad812f9c7a560072021-12-21 12:21:47.693root 11241100x8000000000000000656014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc5d750562c24382021-12-21 12:21:47.693root 11241100x8000000000000000656015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f522795b48b273a2021-12-21 12:21:47.693root 11241100x8000000000000000656016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7947691c6c0a3ead2021-12-21 12:21:47.693root 11241100x8000000000000000656017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2395346b07c35222021-12-21 12:21:47.693root 11241100x8000000000000000656018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0689374788e509d52021-12-21 12:21:47.693root 11241100x8000000000000000656019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6758c34f4a15292021-12-21 12:21:47.693root 11241100x8000000000000000656020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115ad827183d1ec72021-12-21 12:21:47.693root 11241100x8000000000000000656021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c7ecd0c2e77c992021-12-21 12:21:47.693root 11241100x8000000000000000656022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a94e2a701fdd182021-12-21 12:21:48.193root 11241100x8000000000000000656023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccddd3db766ac472021-12-21 12:21:48.193root 11241100x8000000000000000656024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2225d03f50afaf042021-12-21 12:21:48.193root 11241100x8000000000000000656025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bc0cf3e504f17f2021-12-21 12:21:48.193root 11241100x8000000000000000656026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a012808b2bfb0b22021-12-21 12:21:48.193root 11241100x8000000000000000656027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b471c5c4cc0cab2021-12-21 12:21:48.193root 11241100x8000000000000000656028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78c71ade725e5fd2021-12-21 12:21:48.193root 11241100x8000000000000000656029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70e5861b9aa0c122021-12-21 12:21:48.193root 11241100x8000000000000000656030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c3fc896369f8562021-12-21 12:21:48.193root 11241100x8000000000000000656031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a388bb5ece0a619a2021-12-21 12:21:48.693root 11241100x8000000000000000656032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8186da05a497104c2021-12-21 12:21:48.693root 11241100x8000000000000000656033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b75500dd1bd7f3f2021-12-21 12:21:48.693root 11241100x8000000000000000656034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00ef3756216e4a62021-12-21 12:21:48.693root 11241100x8000000000000000656035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d70494f26576f02021-12-21 12:21:48.693root 11241100x8000000000000000656036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31821440c34bcba2021-12-21 12:21:48.693root 11241100x8000000000000000656037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1adbefedc287662021-12-21 12:21:48.693root 11241100x8000000000000000656038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499ee6fc3962df082021-12-21 12:21:48.693root 11241100x8000000000000000656039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a12c2481b7d07892021-12-21 12:21:48.693root 11241100x8000000000000000656040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818021cbdbf8d4902021-12-21 12:21:49.193root 11241100x8000000000000000656041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadad0b78ef2725d2021-12-21 12:21:49.193root 11241100x8000000000000000656042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea5c0a963b7b4a52021-12-21 12:21:49.193root 11241100x8000000000000000656043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a06568c4c598d22021-12-21 12:21:49.193root 11241100x8000000000000000656044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f094e70bc17453ba2021-12-21 12:21:49.193root 11241100x8000000000000000656045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5d8d566f5d0c072021-12-21 12:21:49.193root 11241100x8000000000000000656046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d1573b3c0d0eec2021-12-21 12:21:49.193root 11241100x8000000000000000656047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3411ca8fd0fce172021-12-21 12:21:49.193root 11241100x8000000000000000656048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2315d107a1ecb7ff2021-12-21 12:21:49.194root 11241100x8000000000000000656049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006e2cd5cf6c00002021-12-21 12:21:49.693root 11241100x8000000000000000656050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac7ad4a5786b2962021-12-21 12:21:49.693root 11241100x8000000000000000656051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165cfa595ec547f72021-12-21 12:21:49.693root 11241100x8000000000000000656052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184ead4360b2f70e2021-12-21 12:21:49.693root 11241100x8000000000000000656053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf26781f1e4571262021-12-21 12:21:49.693root 11241100x8000000000000000656054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc11d2db8f9ee5a2021-12-21 12:21:49.693root 11241100x8000000000000000656055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa88d4389186cc12021-12-21 12:21:49.693root 11241100x8000000000000000656056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663fe09dedfc28342021-12-21 12:21:49.694root 11241100x8000000000000000656057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd73fcd1c1a8c882021-12-21 12:21:49.694root 11241100x8000000000000000656058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caae0bc41e60efdb2021-12-21 12:21:50.193root 11241100x8000000000000000656059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e29233e9d985f72021-12-21 12:21:50.193root 11241100x8000000000000000656060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1b20e87ab28b6a2021-12-21 12:21:50.193root 11241100x8000000000000000656061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b1646ef26b9b252021-12-21 12:21:50.193root 11241100x8000000000000000656062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120e08362dcedf3c2021-12-21 12:21:50.193root 11241100x8000000000000000656063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03cf2e2449146e02021-12-21 12:21:50.193root 11241100x8000000000000000656064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc921a6d12689762021-12-21 12:21:50.194root 11241100x8000000000000000656065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ce00d1ad07ca682021-12-21 12:21:50.194root 11241100x8000000000000000656066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac988a57bb3111c2021-12-21 12:21:50.194root 11241100x8000000000000000656067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5893096717cd9d2021-12-21 12:21:50.693root 11241100x8000000000000000656068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b8193df62a48672021-12-21 12:21:50.693root 11241100x8000000000000000656069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fe136840397cb32021-12-21 12:21:50.693root 11241100x8000000000000000656070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9b96042fdf731e2021-12-21 12:21:50.693root 11241100x8000000000000000656071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f0cc4d1f5f8f7b2021-12-21 12:21:50.693root 11241100x8000000000000000656072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecaab0fe0a4e0eae2021-12-21 12:21:50.693root 11241100x8000000000000000656073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9794701e3de56852021-12-21 12:21:50.693root 11241100x8000000000000000656074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571b7eef67f342e82021-12-21 12:21:50.693root 11241100x8000000000000000656075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5133351c7c76ec6d2021-12-21 12:21:50.693root 11241100x8000000000000000656076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72063f8bd6fd9ce52021-12-21 12:21:51.193root 11241100x8000000000000000656077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e5081ef87aef9c2021-12-21 12:21:51.193root 11241100x8000000000000000656078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245479ff60930a6e2021-12-21 12:21:51.193root 11241100x8000000000000000656079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09fefedb30f94df2021-12-21 12:21:51.193root 11241100x8000000000000000656080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564e16767aef80182021-12-21 12:21:51.193root 11241100x8000000000000000656081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c42c3434957fd92021-12-21 12:21:51.193root 11241100x8000000000000000656082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaf810cb08e7a892021-12-21 12:21:51.193root 11241100x8000000000000000656083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689a82ab038258aa2021-12-21 12:21:51.193root 11241100x8000000000000000656084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a0fa71f3423cee2021-12-21 12:21:51.194root 11241100x8000000000000000656085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711ae5f0462ee6552021-12-21 12:21:51.693root 11241100x8000000000000000656086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6600461c60a001ab2021-12-21 12:21:51.693root 11241100x8000000000000000656087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e5ec7354a5fbd52021-12-21 12:21:51.693root 11241100x8000000000000000656088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc432dc3cc224572021-12-21 12:21:51.693root 11241100x8000000000000000656089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53f65ced09928092021-12-21 12:21:51.693root 11241100x8000000000000000656090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cc55b536028fd92021-12-21 12:21:51.694root 11241100x8000000000000000656091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b9e19542466be12021-12-21 12:21:51.694root 11241100x8000000000000000656092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bf45eba14439872021-12-21 12:21:51.694root 11241100x8000000000000000656093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf77b5c593e72ae2021-12-21 12:21:51.694root 11241100x8000000000000000656094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5602dc8c55c6484f2021-12-21 12:21:52.193root 11241100x8000000000000000656095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373714558ed6e0ab2021-12-21 12:21:52.193root 11241100x8000000000000000656096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1befcffdfa1b23bd2021-12-21 12:21:52.193root 11241100x8000000000000000656097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d984badb09d312b2021-12-21 12:21:52.193root 11241100x8000000000000000656098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb574b9d87270032021-12-21 12:21:52.193root 11241100x8000000000000000656099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff6a3eafa81b5ea2021-12-21 12:21:52.193root 11241100x8000000000000000656100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cb5483b31b43032021-12-21 12:21:52.193root 11241100x8000000000000000656101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d827d6b482be6e8e2021-12-21 12:21:52.193root 11241100x8000000000000000656102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761f7bd77a882aa02021-12-21 12:21:52.194root 11241100x8000000000000000656103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0667246888f02e432021-12-21 12:21:52.693root 11241100x8000000000000000656104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3580475e07303782021-12-21 12:21:52.693root 11241100x8000000000000000656105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5ca74e835d894d2021-12-21 12:21:52.693root 11241100x8000000000000000656106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5234f8d190a00e512021-12-21 12:21:52.693root 11241100x8000000000000000656107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ed43149af38ba82021-12-21 12:21:52.693root 11241100x8000000000000000656108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bbaea608702cdc2021-12-21 12:21:52.693root 11241100x8000000000000000656109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d48e8b9c38f8df2021-12-21 12:21:52.693root 11241100x8000000000000000656110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289bbfbf2baf28dc2021-12-21 12:21:52.693root 11241100x8000000000000000656111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45faa1ff1d2b30d2021-12-21 12:21:52.693root 354300x8000000000000000656112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.047{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49880-false10.0.1.12-8000- 11241100x8000000000000000656113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd21f3fa543929f2021-12-21 12:21:53.048root 11241100x8000000000000000656114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c6e716bad2db4e2021-12-21 12:21:53.048root 11241100x8000000000000000656115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3562f134f4c479312021-12-21 12:21:53.048root 11241100x8000000000000000656116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fb1ee999f0bc912021-12-21 12:21:53.048root 11241100x8000000000000000656117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5adcf0c900f05e72021-12-21 12:21:53.049root 11241100x8000000000000000656118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d105a1b34b5188152021-12-21 12:21:53.049root 11241100x8000000000000000656119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020c5d808c0e43082021-12-21 12:21:53.049root 11241100x8000000000000000656120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc69f8640419f8f2021-12-21 12:21:53.049root 11241100x8000000000000000656121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438205356b5d9d2a2021-12-21 12:21:53.049root 11241100x8000000000000000656122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720f8c384a6a3a5f2021-12-21 12:21:53.049root 11241100x8000000000000000656123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90b89348cc454a12021-12-21 12:21:53.443root 11241100x8000000000000000656124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfc8fdad84b0e502021-12-21 12:21:53.443root 11241100x8000000000000000656125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fec73f97454c952021-12-21 12:21:53.443root 11241100x8000000000000000656126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa643e0838abf6bd2021-12-21 12:21:53.443root 11241100x8000000000000000656127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d821d2b2d7279932021-12-21 12:21:53.443root 11241100x8000000000000000656128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bcdebd0d1d9c022021-12-21 12:21:53.443root 11241100x8000000000000000656129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef3c776f2d5f15b2021-12-21 12:21:53.443root 11241100x8000000000000000656130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfeacae7ee02cdc2021-12-21 12:21:53.443root 11241100x8000000000000000656131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9657e35c205361852021-12-21 12:21:53.443root 11241100x8000000000000000656132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc537ab111033252021-12-21 12:21:53.444root 11241100x8000000000000000656133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a185ac1ea9ca1a2021-12-21 12:21:53.943root 11241100x8000000000000000656134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be883f444b25283d2021-12-21 12:21:53.943root 11241100x8000000000000000656135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cf9378ca65bc072021-12-21 12:21:53.943root 11241100x8000000000000000656136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f002b8fedaedd02021-12-21 12:21:53.943root 11241100x8000000000000000656137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91d42805ff76a692021-12-21 12:21:53.943root 11241100x8000000000000000656138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18e514ff68ae3ce2021-12-21 12:21:53.943root 11241100x8000000000000000656139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7c790163cae1942021-12-21 12:21:53.944root 11241100x8000000000000000656140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa126afc93421d5d2021-12-21 12:21:53.944root 11241100x8000000000000000656141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8cdf86fe4239cc2021-12-21 12:21:53.944root 11241100x8000000000000000656142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768e768e9090dfd22021-12-21 12:21:53.944root 11241100x8000000000000000656143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc19de166ccdab32021-12-21 12:21:54.443root 11241100x8000000000000000656144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b471743f2c245462021-12-21 12:21:54.443root 11241100x8000000000000000656145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5918b72349e5b9342021-12-21 12:21:54.443root 11241100x8000000000000000656146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae42b751a708bdee2021-12-21 12:21:54.443root 11241100x8000000000000000656147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515b781fe40895472021-12-21 12:21:54.443root 11241100x8000000000000000656148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b2fc24e804ddcc2021-12-21 12:21:54.443root 11241100x8000000000000000656149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b208844b1e1db2852021-12-21 12:21:54.443root 11241100x8000000000000000656150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c888611e692747842021-12-21 12:21:54.443root 11241100x8000000000000000656151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3413012e4f4923722021-12-21 12:21:54.443root 11241100x8000000000000000656152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8862226f6733012021-12-21 12:21:54.443root 11241100x8000000000000000656153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92bba192eae16d12021-12-21 12:21:54.943root 11241100x8000000000000000656154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9177297f649398f72021-12-21 12:21:54.943root 11241100x8000000000000000656155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8d0b7cab659f0f2021-12-21 12:21:54.943root 11241100x8000000000000000656156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffead65eb7d70552021-12-21 12:21:54.943root 11241100x8000000000000000656157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23771a147ca969b2021-12-21 12:21:54.943root 11241100x8000000000000000656158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31be812d6a404cc12021-12-21 12:21:54.943root 11241100x8000000000000000656159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dfc177aedc40ca2021-12-21 12:21:54.943root 11241100x8000000000000000656160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b47acf78d38d62d2021-12-21 12:21:54.943root 11241100x8000000000000000656161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02acaa44ac7534a2021-12-21 12:21:54.943root 11241100x8000000000000000656162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9d00585b2a66102021-12-21 12:21:54.944root 11241100x8000000000000000656163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277c239dc51e28a52021-12-21 12:21:55.443root 11241100x8000000000000000656164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be89a710ba735f002021-12-21 12:21:55.443root 11241100x8000000000000000656165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c5a0be8d673eca2021-12-21 12:21:55.443root 11241100x8000000000000000656166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cbdbb28faa275d2021-12-21 12:21:55.443root 11241100x8000000000000000656167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a935a2921e8b1de72021-12-21 12:21:55.443root 11241100x8000000000000000656168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aad5e7579538ead2021-12-21 12:21:55.443root 11241100x8000000000000000656169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d885441b56c5ca2021-12-21 12:21:55.443root 11241100x8000000000000000656170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ebe6ca7650c76f2021-12-21 12:21:55.443root 11241100x8000000000000000656171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad88829c7a0ffc72021-12-21 12:21:55.443root 11241100x8000000000000000656172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adc91b1b9abd31a2021-12-21 12:21:55.443root 11241100x8000000000000000656173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ec9808272ee7bb2021-12-21 12:21:55.943root 11241100x8000000000000000656174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cdc08ddb67c1792021-12-21 12:21:55.943root 11241100x8000000000000000656175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1bc3a979b280ae2021-12-21 12:21:55.943root 11241100x8000000000000000656176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a80d2036ecd9422021-12-21 12:21:55.943root 11241100x8000000000000000656177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c5baa6bd7460052021-12-21 12:21:55.943root 11241100x8000000000000000656178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc77c74bd8b4875b2021-12-21 12:21:55.943root 11241100x8000000000000000656179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c9de170ac9e29e2021-12-21 12:21:55.943root 11241100x8000000000000000656180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157f79aed3822e9c2021-12-21 12:21:55.943root 11241100x8000000000000000656181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df76a7e71119cd3e2021-12-21 12:21:55.944root 11241100x8000000000000000656182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22f7a0dde67a55d2021-12-21 12:21:55.944root 11241100x8000000000000000656183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421f654cbc8cf7a92021-12-21 12:21:56.443root 11241100x8000000000000000656184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9de0d4fd985a8a42021-12-21 12:21:56.443root 11241100x8000000000000000656185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04af1c3b1d4dc1e22021-12-21 12:21:56.443root 11241100x8000000000000000656186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ddb3cf8fc9077e2021-12-21 12:21:56.443root 11241100x8000000000000000656187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0958cf5d463fa22021-12-21 12:21:56.443root 11241100x8000000000000000656188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4764f99a10b0342021-12-21 12:21:56.443root 11241100x8000000000000000656189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82718e40ee080822021-12-21 12:21:56.443root 11241100x8000000000000000656190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14402005e3d8fefe2021-12-21 12:21:56.443root 11241100x8000000000000000656191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc95a33b2033fe422021-12-21 12:21:56.443root 11241100x8000000000000000656192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65d873d88d222ab2021-12-21 12:21:56.443root 11241100x8000000000000000656193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ed010647674e042021-12-21 12:21:56.943root 11241100x8000000000000000656194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0aa00d618acf2d12021-12-21 12:21:56.943root 11241100x8000000000000000656195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf82dd4057b69bac2021-12-21 12:21:56.943root 11241100x8000000000000000656196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38129865ed32d94e2021-12-21 12:21:56.943root 11241100x8000000000000000656197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace1b5878ae6117d2021-12-21 12:21:56.943root 11241100x8000000000000000656198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554e44ab40e5c6262021-12-21 12:21:56.943root 11241100x8000000000000000656199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29532d4f070670f02021-12-21 12:21:56.943root 11241100x8000000000000000656200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6382431595076112021-12-21 12:21:56.944root 11241100x8000000000000000656201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bc4f778e3ecc742021-12-21 12:21:56.944root 11241100x8000000000000000656202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd9cd462560021b2021-12-21 12:21:56.944root 11241100x8000000000000000656203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5899a2d49496332021-12-21 12:21:57.443root 11241100x8000000000000000656204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ee8f77bca34d162021-12-21 12:21:57.443root 11241100x8000000000000000656205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814ba32d361d5e5c2021-12-21 12:21:57.443root 11241100x8000000000000000656206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c80a227662afac2021-12-21 12:21:57.443root 11241100x8000000000000000656207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc80f17ede518592021-12-21 12:21:57.443root 11241100x8000000000000000656208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9168d2cac3d3b6322021-12-21 12:21:57.443root 11241100x8000000000000000656209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efbc2e084d5cfd22021-12-21 12:21:57.443root 11241100x8000000000000000656210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183ea29fa6cfcc5c2021-12-21 12:21:57.443root 11241100x8000000000000000656211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905018eacda6807b2021-12-21 12:21:57.444root 11241100x8000000000000000656212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2be0d9027d3def82021-12-21 12:21:57.444root 11241100x8000000000000000656213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18c7d78528e80562021-12-21 12:21:57.943root 11241100x8000000000000000656214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b171b029a1a78a42021-12-21 12:21:57.943root 11241100x8000000000000000656215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3bdc0448608fcc2021-12-21 12:21:57.943root 11241100x8000000000000000656216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfda7ace1ea7b50e2021-12-21 12:21:57.943root 11241100x8000000000000000656217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11c64cd78b1a8812021-12-21 12:21:57.943root 11241100x8000000000000000656218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f35dcd4641ca6032021-12-21 12:21:57.943root 11241100x8000000000000000656219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f852441a5d65012021-12-21 12:21:57.943root 11241100x8000000000000000656220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a061a8a340c30ac2021-12-21 12:21:57.943root 11241100x8000000000000000656221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde1d9ad61cfad162021-12-21 12:21:57.943root 11241100x8000000000000000656222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9318e7d4bc2697892021-12-21 12:21:57.944root 354300x8000000000000000656223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.213{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49882-false10.0.1.12-8000- 11241100x8000000000000000656224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6cbdd22f76a7bb2021-12-21 12:21:58.215root 11241100x8000000000000000656225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb3ea7dc7f9f4022021-12-21 12:21:58.215root 11241100x8000000000000000656226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615f9b8080fd7e6f2021-12-21 12:21:58.215root 11241100x8000000000000000656227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de84ef0ff37d1a32021-12-21 12:21:58.215root 11241100x8000000000000000656228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f6ee0a1c9b0e562021-12-21 12:21:58.215root 11241100x8000000000000000656229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab11aa9647b6f542021-12-21 12:21:58.215root 11241100x8000000000000000656230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2d005fc16c7db82021-12-21 12:21:58.215root 11241100x8000000000000000656231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eaa9a0d1e2016f52021-12-21 12:21:58.215root 11241100x8000000000000000656232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed7417657018f682021-12-21 12:21:58.215root 11241100x8000000000000000656233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8ed9d77d7630632021-12-21 12:21:58.215root 11241100x8000000000000000656234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cb413f19da7eae2021-12-21 12:21:58.215root 11241100x8000000000000000656235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d129fd6d1f258d72021-12-21 12:21:58.693root 11241100x8000000000000000656236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029e67b9a07052d62021-12-21 12:21:58.693root 11241100x8000000000000000656237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992796b7cfb4ac012021-12-21 12:21:58.693root 11241100x8000000000000000656238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4e7cd706d09e1f2021-12-21 12:21:58.693root 11241100x8000000000000000656239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794b9b821327d53a2021-12-21 12:21:58.693root 11241100x8000000000000000656240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32424c448019479a2021-12-21 12:21:58.693root 11241100x8000000000000000656241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e13b9a2e7648a662021-12-21 12:21:58.693root 11241100x8000000000000000656242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b240adde6acfd4b32021-12-21 12:21:58.693root 11241100x8000000000000000656243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb0c5fb5cd6188a2021-12-21 12:21:58.693root 11241100x8000000000000000656244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f84d48b0e90a4c2021-12-21 12:21:58.694root 11241100x8000000000000000656245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a68fc90dde86cc2021-12-21 12:21:58.694root 11241100x8000000000000000656246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc05d3058720b4c2021-12-21 12:21:59.193root 11241100x8000000000000000656247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef0ee9aad5483ea2021-12-21 12:21:59.193root 11241100x8000000000000000656248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f27ca6e3787f4cd2021-12-21 12:21:59.193root 11241100x8000000000000000656249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd3753da9e073b52021-12-21 12:21:59.193root 11241100x8000000000000000656250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3242b2bb948d692a2021-12-21 12:21:59.193root 11241100x8000000000000000656251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f1afc1b7e9398c2021-12-21 12:21:59.193root 11241100x8000000000000000656252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c7ab523a9f46872021-12-21 12:21:59.193root 11241100x8000000000000000656253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48b9ef743de4f412021-12-21 12:21:59.193root 11241100x8000000000000000656254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd19e6e70d0f07192021-12-21 12:21:59.193root 11241100x8000000000000000656255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe16740aae7e07c2021-12-21 12:21:59.193root 11241100x8000000000000000656256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26def65ac4d95ff2021-12-21 12:21:59.193root 11241100x8000000000000000656257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120b7b9c4d706e152021-12-21 12:21:59.693root 11241100x8000000000000000656258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58163b23ab51fe722021-12-21 12:21:59.693root 11241100x8000000000000000656259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8b2b1dc0eb889e2021-12-21 12:21:59.693root 11241100x8000000000000000656260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2d13dcf20045e12021-12-21 12:21:59.693root 11241100x8000000000000000656261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06ad68d988c1e2f2021-12-21 12:21:59.693root 11241100x8000000000000000656262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35878473e45e2d122021-12-21 12:21:59.693root 11241100x8000000000000000656263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffec8aa075fd0f752021-12-21 12:21:59.693root 11241100x8000000000000000656264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5bf98aad0f74932021-12-21 12:21:59.693root 11241100x8000000000000000656265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6fcc1d41ee6e442021-12-21 12:21:59.693root 11241100x8000000000000000656266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195b255b8c4086702021-12-21 12:21:59.694root 11241100x8000000000000000656267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9084e0cf2e40adf2021-12-21 12:21:59.694root 11241100x8000000000000000656268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab235881e0ff307d2021-12-21 12:22:00.193root 11241100x8000000000000000656269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b103588c2da4f92021-12-21 12:22:00.194root 11241100x8000000000000000656270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465a0d2229fd44762021-12-21 12:22:00.194root 11241100x8000000000000000656271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496bcbc08027d9d92021-12-21 12:22:00.194root 11241100x8000000000000000656272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9eb7a081d39d53b2021-12-21 12:22:00.194root 11241100x8000000000000000656273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1d2bb9670b85702021-12-21 12:22:00.194root 11241100x8000000000000000656274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5732c93388b46a92021-12-21 12:22:00.194root 11241100x8000000000000000656275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659301573e37ec362021-12-21 12:22:00.194root 11241100x8000000000000000656276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67a3e4b9c8b34322021-12-21 12:22:00.194root 11241100x8000000000000000656277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801972c6194d3ddf2021-12-21 12:22:00.194root 11241100x8000000000000000656278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f25d4accfff043e2021-12-21 12:22:00.194root 11241100x8000000000000000656279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21b1a7e6c03b29f2021-12-21 12:22:00.693root 11241100x8000000000000000656280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a3efc2b95651e82021-12-21 12:22:00.693root 11241100x8000000000000000656281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fe7af33e9e72832021-12-21 12:22:00.693root 11241100x8000000000000000656282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f5189802d8f6782021-12-21 12:22:00.693root 11241100x8000000000000000656283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa417e6c95fa44182021-12-21 12:22:00.693root 11241100x8000000000000000656284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97f173646fc9ed02021-12-21 12:22:00.693root 11241100x8000000000000000656285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bcaf3d40602b822021-12-21 12:22:00.693root 11241100x8000000000000000656286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a067ce449697fa2021-12-21 12:22:00.693root 11241100x8000000000000000656287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b4f0f3336553d22021-12-21 12:22:00.693root 11241100x8000000000000000656288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7c1ca24ca9b4162021-12-21 12:22:00.694root 11241100x8000000000000000656289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3fd1336cb2f1012021-12-21 12:22:00.694root 11241100x8000000000000000656290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24398a02aece2cf2021-12-21 12:22:01.193root 11241100x8000000000000000656291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10adeae987a419c72021-12-21 12:22:01.193root 11241100x8000000000000000656292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab537f5deba60af62021-12-21 12:22:01.193root 11241100x8000000000000000656293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c79445f17c02212021-12-21 12:22:01.193root 11241100x8000000000000000656294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3795e9a80b9db07d2021-12-21 12:22:01.193root 11241100x8000000000000000656295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012dcc33a3081fc32021-12-21 12:22:01.193root 11241100x8000000000000000656296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72ff2c584bd743f2021-12-21 12:22:01.193root 11241100x8000000000000000656297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2b5a62f93dd3fc2021-12-21 12:22:01.194root 11241100x8000000000000000656298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee5f861ff60e2472021-12-21 12:22:01.194root 11241100x8000000000000000656299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6a5abf92b4bb522021-12-21 12:22:01.194root 11241100x8000000000000000656300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c0a390a419051a2021-12-21 12:22:01.194root 11241100x8000000000000000656301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16052c13ff09b1ae2021-12-21 12:22:01.693root 11241100x8000000000000000656302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc58c98b26c7dbe62021-12-21 12:22:01.693root 11241100x8000000000000000656303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9c39111b2e86392021-12-21 12:22:01.693root 11241100x8000000000000000656304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73685d4a05fd6f62021-12-21 12:22:01.693root 11241100x8000000000000000656305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48128f23413a89c62021-12-21 12:22:01.693root 11241100x8000000000000000656306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6afe75d4df80212021-12-21 12:22:01.693root 11241100x8000000000000000656307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99ebed1c565ac7b2021-12-21 12:22:01.693root 11241100x8000000000000000656308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83682ffd98c5e7fe2021-12-21 12:22:01.693root 11241100x8000000000000000656309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0f2110515ea6842021-12-21 12:22:01.693root 11241100x8000000000000000656310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87e9727142fd3342021-12-21 12:22:01.693root 11241100x8000000000000000656311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82a677a558829872021-12-21 12:22:01.693root 11241100x8000000000000000656312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65c6f61b836c50f2021-12-21 12:22:02.193root 11241100x8000000000000000656313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a47ba50c82b95e72021-12-21 12:22:02.193root 11241100x8000000000000000656314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39726973ed5621612021-12-21 12:22:02.193root 11241100x8000000000000000656315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cde7360b00b5e22021-12-21 12:22:02.193root 11241100x8000000000000000656316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79d961bc798f47c2021-12-21 12:22:02.193root 11241100x8000000000000000656317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b564903bf2c329c12021-12-21 12:22:02.193root 11241100x8000000000000000656318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58218ab21a45fc2c2021-12-21 12:22:02.193root 11241100x8000000000000000656319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ce5a040933f63a2021-12-21 12:22:02.193root 11241100x8000000000000000656320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e349b426a59106152021-12-21 12:22:02.194root 11241100x8000000000000000656321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55a2bd967303f132021-12-21 12:22:02.194root 11241100x8000000000000000656322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a2163b03b894452021-12-21 12:22:02.194root 11241100x8000000000000000656323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4be17c64f2c54522021-12-21 12:22:02.693root 11241100x8000000000000000656324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f53ab90913479b52021-12-21 12:22:02.693root 11241100x8000000000000000656325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def66afdbe9ead732021-12-21 12:22:02.693root 11241100x8000000000000000656326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1234f68c2c85c60d2021-12-21 12:22:02.693root 11241100x8000000000000000656327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb28b2c9000d70c82021-12-21 12:22:02.693root 11241100x8000000000000000656328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2c05bb2dbe8ca42021-12-21 12:22:02.693root 11241100x8000000000000000656329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017bc1e691c5bc002021-12-21 12:22:02.693root 11241100x8000000000000000656330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93df01a90ad830072021-12-21 12:22:02.694root 11241100x8000000000000000656331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e454a86af185fd2021-12-21 12:22:02.694root 11241100x8000000000000000656332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70437591d5c05812021-12-21 12:22:02.694root 11241100x8000000000000000656333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a2d6befe9ec3f22021-12-21 12:22:02.694root 11241100x8000000000000000656334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a5372cafeffcf72021-12-21 12:22:03.193root 11241100x8000000000000000656335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee889fd1eea2192c2021-12-21 12:22:03.193root 11241100x8000000000000000656336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166eacbf1118b1c92021-12-21 12:22:03.193root 11241100x8000000000000000656337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae3d1a5ad5ed43d2021-12-21 12:22:03.194root 11241100x8000000000000000656338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496a2937072372e52021-12-21 12:22:03.194root 11241100x8000000000000000656339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70373aa44fb218182021-12-21 12:22:03.194root 11241100x8000000000000000656340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6490b8a08bc1b562021-12-21 12:22:03.194root 11241100x8000000000000000656341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579c1182b45aeffc2021-12-21 12:22:03.194root 11241100x8000000000000000656342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a02f9c10ff30212021-12-21 12:22:03.194root 11241100x8000000000000000656343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c36571479739ec82021-12-21 12:22:03.195root 11241100x8000000000000000656344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd795cddb983aa42021-12-21 12:22:03.195root 354300x8000000000000000656345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.259{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49884-false10.0.1.12-8000- 11241100x8000000000000000656346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf05a62af846d50c2021-12-21 12:22:03.693root 11241100x8000000000000000656347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f25318ba403bdd02021-12-21 12:22:03.693root 11241100x8000000000000000656348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8a22a375c439022021-12-21 12:22:03.693root 11241100x8000000000000000656349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74497f61464354022021-12-21 12:22:03.694root 11241100x8000000000000000656350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f0e50d453dbaf12021-12-21 12:22:03.694root 11241100x8000000000000000656351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78dfdb37d2f1f1f82021-12-21 12:22:03.694root 11241100x8000000000000000656352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c5ea97b05156702021-12-21 12:22:03.694root 11241100x8000000000000000656353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434af979d8a701f72021-12-21 12:22:03.694root 11241100x8000000000000000656354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a78b632881010222021-12-21 12:22:03.694root 11241100x8000000000000000656355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f876b280e04dae42021-12-21 12:22:03.695root 11241100x8000000000000000656356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f6e6e66df65f7b2021-12-21 12:22:03.695root 11241100x8000000000000000656357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a3191d8d1cca662021-12-21 12:22:03.695root 11241100x8000000000000000656358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685ec6387d4582262021-12-21 12:22:03.695root 11241100x8000000000000000656359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6206bbd0e7cc822021-12-21 12:22:03.695root 11241100x8000000000000000656360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68b8bdb72a32a792021-12-21 12:22:04.193root 11241100x8000000000000000656361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1556a17a9b688fa2021-12-21 12:22:04.193root 11241100x8000000000000000656362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0b788bf68855792021-12-21 12:22:04.193root 11241100x8000000000000000656363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878b25b7b31a34762021-12-21 12:22:04.194root 11241100x8000000000000000656364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c325e029a89e10952021-12-21 12:22:04.194root 11241100x8000000000000000656365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d576a9ed13be89c22021-12-21 12:22:04.194root 11241100x8000000000000000656366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961d7387e11eda572021-12-21 12:22:04.194root 11241100x8000000000000000656367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f186d6e0837d51c2021-12-21 12:22:04.194root 11241100x8000000000000000656368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743bb2680732d7a72021-12-21 12:22:04.194root 11241100x8000000000000000656369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c05ce2854cb9be2021-12-21 12:22:04.194root 11241100x8000000000000000656370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5728ff44652321d2021-12-21 12:22:04.195root 11241100x8000000000000000656371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef833245cb25cb42021-12-21 12:22:04.195root 11241100x8000000000000000656372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc8447b7f7b17102021-12-21 12:22:04.693root 11241100x8000000000000000656373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82db90729a9660532021-12-21 12:22:04.693root 11241100x8000000000000000656374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf852a9724e2eca2021-12-21 12:22:04.693root 11241100x8000000000000000656375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc74fe2e57d2651f2021-12-21 12:22:04.693root 11241100x8000000000000000656376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cf08473c554a092021-12-21 12:22:04.693root 11241100x8000000000000000656377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17189041e24d893c2021-12-21 12:22:04.693root 11241100x8000000000000000656378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4c20a95947f9fb2021-12-21 12:22:04.693root 11241100x8000000000000000656379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3aa78289b3a0f272021-12-21 12:22:04.694root 11241100x8000000000000000656380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba5d77af15a7a552021-12-21 12:22:04.694root 11241100x8000000000000000656381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc311d5b1b8dd6892021-12-21 12:22:04.694root 11241100x8000000000000000656382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf5eb723dc8061b2021-12-21 12:22:04.694root 11241100x8000000000000000656383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7573965003b814e2021-12-21 12:22:04.694root 11241100x8000000000000000656384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d646267a3d1fa6502021-12-21 12:22:05.193root 11241100x8000000000000000656385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375b29ad82e52d622021-12-21 12:22:05.193root 11241100x8000000000000000656386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c92639a23cc05c2021-12-21 12:22:05.193root 11241100x8000000000000000656387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f84b0fab0721bc2021-12-21 12:22:05.194root 11241100x8000000000000000656388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0115fd199ce2ea9d2021-12-21 12:22:05.194root 11241100x8000000000000000656389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bc69bf022842552021-12-21 12:22:05.194root 11241100x8000000000000000656390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da707398026165c2021-12-21 12:22:05.194root 11241100x8000000000000000656391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc5cf6ba2a5d7042021-12-21 12:22:05.195root 11241100x8000000000000000656392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0997d45162c74afd2021-12-21 12:22:05.195root