11241100x8000000000000000651124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:29.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ee7731397d4fd02021-12-21 12:19:29.192root 11241100x8000000000000000651125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f953c4ed74d2cc52021-12-21 12:19:29.193root 11241100x8000000000000000651126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576eed7649132af52021-12-21 12:19:29.193root 11241100x8000000000000000651127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:29.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbaa36ab316123c72021-12-21 12:19:29.692root 11241100x8000000000000000651128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6227d824e579dd252021-12-21 12:19:29.693root 11241100x8000000000000000651129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7573652f0d19fa8f2021-12-21 12:19:29.693root 11241100x8000000000000000651130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:30.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d6174074dd1e0a2021-12-21 12:19:30.192root 11241100x8000000000000000651131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed36b03305097bbc2021-12-21 12:19:30.193root 11241100x8000000000000000651132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa102c03dfdf2d02021-12-21 12:19:30.193root 11241100x8000000000000000651133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:30.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cc22017a7b57942021-12-21 12:19:30.692root 11241100x8000000000000000651134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc3347a1b6ea1472021-12-21 12:19:30.693root 11241100x8000000000000000651135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b85c72193e51f4d2021-12-21 12:19:30.693root 354300x8000000000000000651136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.105{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49824-false10.0.1.12-8000- 11241100x8000000000000000651137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.106{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fe58693cc854722021-12-21 12:19:31.106root 11241100x8000000000000000651138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.106{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6311a99d3f931c6c2021-12-21 12:19:31.106root 11241100x8000000000000000651139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.106{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e58bcb62a06e1e92021-12-21 12:19:31.106root 11241100x8000000000000000651140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.106{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda4ac458abea0652021-12-21 12:19:31.106root 11241100x8000000000000000651141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b86ffff4fe6ebb02021-12-21 12:19:31.442root 11241100x8000000000000000651142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb2f7df9715923b2021-12-21 12:19:31.443root 11241100x8000000000000000651143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4220a80fce98702021-12-21 12:19:31.443root 11241100x8000000000000000651144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccbce04dd6deb852021-12-21 12:19:31.443root 11241100x8000000000000000651145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53a729006a74f952021-12-21 12:19:31.942root 11241100x8000000000000000651146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bab8b1d45d5d2f82021-12-21 12:19:31.943root 11241100x8000000000000000651147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59f22a2d00ae5a32021-12-21 12:19:31.943root 11241100x8000000000000000651148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00db08ded6caffa2021-12-21 12:19:31.943root 11241100x8000000000000000651149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:32.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46094843e9a1c0f52021-12-21 12:19:32.442root 11241100x8000000000000000651150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8863bd22bbbd532021-12-21 12:19:32.443root 11241100x8000000000000000651151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87df3e5602d8dab62021-12-21 12:19:32.443root 11241100x8000000000000000651152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55076ee98a4fde8e2021-12-21 12:19:32.443root 11241100x8000000000000000651153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:32.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8286b8712fc29a732021-12-21 12:19:32.942root 11241100x8000000000000000651154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa85de2a02480d42021-12-21 12:19:32.943root 11241100x8000000000000000651155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e426c921f3a722e2021-12-21 12:19:32.943root 11241100x8000000000000000651156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b95e91fc2edb9982021-12-21 12:19:32.943root 11241100x8000000000000000651157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:33.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f389e55242b2962021-12-21 12:19:33.442root 11241100x8000000000000000651158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68733686833678b72021-12-21 12:19:33.443root 11241100x8000000000000000651159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57e01bf461ca2512021-12-21 12:19:33.443root 11241100x8000000000000000651160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb8de82374ccde92021-12-21 12:19:33.443root 11241100x8000000000000000651161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:33.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e595abe97fc148a62021-12-21 12:19:33.942root 11241100x8000000000000000651162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1e50e8ad227e992021-12-21 12:19:33.943root 11241100x8000000000000000651163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16065ecfdb6333f12021-12-21 12:19:33.943root 11241100x8000000000000000651164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105920cfb254f2ec2021-12-21 12:19:33.943root 11241100x8000000000000000651165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:34.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26883c627974d3f82021-12-21 12:19:34.442root 11241100x8000000000000000651166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92ca05dc4e776042021-12-21 12:19:34.443root 11241100x8000000000000000651167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3023da755398e3302021-12-21 12:19:34.443root 11241100x8000000000000000651168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e956bb37f9ab9b1a2021-12-21 12:19:34.443root 11241100x8000000000000000651169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:34.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5abcbb3e6ee3222021-12-21 12:19:34.942root 11241100x8000000000000000651170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35faab1d8dbe2d2b2021-12-21 12:19:34.943root 11241100x8000000000000000651171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab31a2c72da584d22021-12-21 12:19:34.943root 11241100x8000000000000000651172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9715838acefb33e2021-12-21 12:19:34.943root 11241100x8000000000000000651173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fca6b2423ede95d2021-12-21 12:19:35.448root 11241100x8000000000000000651174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a25ea3fa53487d2021-12-21 12:19:35.448root 11241100x8000000000000000651175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2163a6572020ecc2021-12-21 12:19:35.448root 11241100x8000000000000000651176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359bfd519ff7b48d2021-12-21 12:19:35.448root 11241100x8000000000000000651177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:35.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34d8fea956bffab2021-12-21 12:19:35.942root 11241100x8000000000000000651178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cd61bd96c5a9022021-12-21 12:19:35.943root 11241100x8000000000000000651179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cb3cda7801b7282021-12-21 12:19:35.943root 11241100x8000000000000000651180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4066ff455a404f32021-12-21 12:19:35.943root 11241100x8000000000000000651181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:19:36.143root 11241100x8000000000000000651182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4d8716dd7d9f4b2021-12-21 12:19:36.443root 11241100x8000000000000000651183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb98461988256fd2021-12-21 12:19:36.443root 11241100x8000000000000000651184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3691d97c45a01a602021-12-21 12:19:36.443root 11241100x8000000000000000651185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babf0c964ece69ba2021-12-21 12:19:36.443root 11241100x8000000000000000651186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be47dfb908a61c262021-12-21 12:19:36.443root 11241100x8000000000000000651187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41528a9695ae8062021-12-21 12:19:36.943root 11241100x8000000000000000651188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1099dfdf9b484f72021-12-21 12:19:36.943root 11241100x8000000000000000651189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fabeef2c72946d2021-12-21 12:19:36.943root 11241100x8000000000000000651190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a3079f0d26a2572021-12-21 12:19:36.943root 11241100x8000000000000000651191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3ac155a70d84db2021-12-21 12:19:36.943root 354300x8000000000000000651192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.024{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49826-false10.0.1.12-8000- 11241100x8000000000000000651193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe3cb4b00b49a952021-12-21 12:19:37.443root 11241100x8000000000000000651194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4fa75f9700b4892021-12-21 12:19:37.443root 11241100x8000000000000000651195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a6ef24287f8a582021-12-21 12:19:37.443root 11241100x8000000000000000651196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502236c10a795b052021-12-21 12:19:37.443root 11241100x8000000000000000651197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7a8034bd82f12e2021-12-21 12:19:37.443root 11241100x8000000000000000651198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79209c0e67c3047e2021-12-21 12:19:37.443root 11241100x8000000000000000651199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c93430d6e8144c22021-12-21 12:19:37.943root 11241100x8000000000000000651200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bbe09067379ee52021-12-21 12:19:37.943root 11241100x8000000000000000651201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fd6a5d6c71277a2021-12-21 12:19:37.943root 11241100x8000000000000000651202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9fb81f1246d61c2021-12-21 12:19:37.943root 11241100x8000000000000000651203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4efd7c555e923982021-12-21 12:19:37.943root 11241100x8000000000000000651204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223718c0755117bf2021-12-21 12:19:37.943root 11241100x8000000000000000651205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217ef1201e161c162021-12-21 12:19:38.443root 11241100x8000000000000000651206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ae2e730473af9b2021-12-21 12:19:38.443root 11241100x8000000000000000651207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc49f61948e7ec62021-12-21 12:19:38.443root 11241100x8000000000000000651208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaeb8daa614fa2362021-12-21 12:19:38.443root 11241100x8000000000000000651209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98faa854f46c15992021-12-21 12:19:38.443root 11241100x8000000000000000651210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcde883da42a6132021-12-21 12:19:38.443root 11241100x8000000000000000651211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb88574a86c2720b2021-12-21 12:19:38.943root 11241100x8000000000000000651212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3541286e4d6927a2021-12-21 12:19:38.943root 11241100x8000000000000000651213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2caf73ecc2fc36742021-12-21 12:19:38.943root 11241100x8000000000000000651214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be71cd405a14c11a2021-12-21 12:19:38.943root 11241100x8000000000000000651215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3347d4f48c8c0fcc2021-12-21 12:19:38.943root 11241100x8000000000000000651216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4824f4a7e8a6b0582021-12-21 12:19:38.943root 23542300x8000000000000000651217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000651218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374fbb5ba539f1ff2021-12-21 12:19:39.443root 11241100x8000000000000000651219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5fb59d181ceec52021-12-21 12:19:39.443root 11241100x8000000000000000651220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9772c5b0ebd17c1a2021-12-21 12:19:39.443root 11241100x8000000000000000651221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7424912f4a403c162021-12-21 12:19:39.443root 11241100x8000000000000000651222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876630b6770ad41e2021-12-21 12:19:39.443root 11241100x8000000000000000651223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11686e6aab89168a2021-12-21 12:19:39.443root 11241100x8000000000000000651224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68606e0cd33746c2021-12-21 12:19:39.443root 11241100x8000000000000000651225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f30a5b58200f062021-12-21 12:19:39.943root 11241100x8000000000000000651226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67f4fd593d04ff22021-12-21 12:19:39.943root 11241100x8000000000000000651227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7466a5ad67268df92021-12-21 12:19:39.943root 11241100x8000000000000000651228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4199149d3d1b9a7d2021-12-21 12:19:39.943root 11241100x8000000000000000651229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab54d20b6c4dd8962021-12-21 12:19:39.943root 11241100x8000000000000000651230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4cc16ae47339c32021-12-21 12:19:39.943root 11241100x8000000000000000651231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5708519e9198d67b2021-12-21 12:19:39.943root 11241100x8000000000000000651232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2201d21c68612e2021-12-21 12:19:40.443root 11241100x8000000000000000651233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0facccf5d8e97d2021-12-21 12:19:40.443root 11241100x8000000000000000651234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba2a2b2de32dbe32021-12-21 12:19:40.443root 11241100x8000000000000000651235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b02ef47fd80e39f2021-12-21 12:19:40.443root 11241100x8000000000000000651236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212d1d916867d35e2021-12-21 12:19:40.443root 11241100x8000000000000000651237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f524744ff1fe55132021-12-21 12:19:40.443root 11241100x8000000000000000651238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce29f1510ae30292021-12-21 12:19:40.443root 11241100x8000000000000000651239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3660beaa8adbf12021-12-21 12:19:40.943root 11241100x8000000000000000651240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0cfb4fbed4a5e92021-12-21 12:19:40.943root 11241100x8000000000000000651241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca006b97a9b75032021-12-21 12:19:40.943root 11241100x8000000000000000651242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6c8a972d02de1c2021-12-21 12:19:40.943root 11241100x8000000000000000651243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb137f27d1c696022021-12-21 12:19:40.943root 11241100x8000000000000000651244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4002503c1d9f012021-12-21 12:19:40.943root 11241100x8000000000000000651245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee9f173447c7dc22021-12-21 12:19:40.943root 11241100x8000000000000000651246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7faf60e297f4e9c62021-12-21 12:19:41.443root 11241100x8000000000000000651247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0192105094cdd3af2021-12-21 12:19:41.443root 11241100x8000000000000000651248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd462223ca748602021-12-21 12:19:41.443root 11241100x8000000000000000651249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713054f89258ee302021-12-21 12:19:41.443root 11241100x8000000000000000651250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cced564789e6672021-12-21 12:19:41.443root 11241100x8000000000000000651251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9873e4af6cd80a302021-12-21 12:19:41.443root 11241100x8000000000000000651252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644f5bc33fd059ec2021-12-21 12:19:41.443root 11241100x8000000000000000651253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4788981f204daa3e2021-12-21 12:19:41.943root 11241100x8000000000000000651254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a34fdfe3b52787f2021-12-21 12:19:41.943root 11241100x8000000000000000651255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb6972c5a64334b2021-12-21 12:19:41.943root 11241100x8000000000000000651256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd4739ad8b4579c2021-12-21 12:19:41.943root 11241100x8000000000000000651257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265be0546ea69b502021-12-21 12:19:41.943root 11241100x8000000000000000651258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fc3c55a1abbada2021-12-21 12:19:41.943root 11241100x8000000000000000651259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536d37f879c684ea2021-12-21 12:19:41.943root 354300x8000000000000000651260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.096{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49828-false10.0.1.12-8000- 11241100x8000000000000000651261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd7a02358ccdbef2021-12-21 12:19:42.443root 11241100x8000000000000000651262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a43ad889f4ececb2021-12-21 12:19:42.443root 11241100x8000000000000000651263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dd1d0c4f48b0df2021-12-21 12:19:42.443root 11241100x8000000000000000651264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c632dd71ffeb6f2021-12-21 12:19:42.443root 11241100x8000000000000000651265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b4e80564be6a0e2021-12-21 12:19:42.443root 11241100x8000000000000000651266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20ec013cb2c3b732021-12-21 12:19:42.444root 11241100x8000000000000000651267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0c2884fea9eccf2021-12-21 12:19:42.444root 11241100x8000000000000000651268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47332ab4735f39d62021-12-21 12:19:42.444root 11241100x8000000000000000651269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8789b0fada5793cd2021-12-21 12:19:42.943root 11241100x8000000000000000651270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c1c622224598d92021-12-21 12:19:42.944root 11241100x8000000000000000651271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7518127d2363f12021-12-21 12:19:42.944root 11241100x8000000000000000651272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d2e587c7244b062021-12-21 12:19:42.944root 11241100x8000000000000000651273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63956078ba044cd42021-12-21 12:19:42.944root 11241100x8000000000000000651274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ac519de11fbf152021-12-21 12:19:42.944root 11241100x8000000000000000651275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32267728a22a5aaa2021-12-21 12:19:42.944root 11241100x8000000000000000651276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37d8bc02d9a20c32021-12-21 12:19:42.945root 11241100x8000000000000000651277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575fba63b506bc8b2021-12-21 12:19:43.443root 11241100x8000000000000000651278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e179053e82ecc002021-12-21 12:19:43.443root 11241100x8000000000000000651279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffaaacf6d4c8bc972021-12-21 12:19:43.443root 11241100x8000000000000000651280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5532a0a0389517722021-12-21 12:19:43.443root 11241100x8000000000000000651281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15092c64b78c865b2021-12-21 12:19:43.443root 11241100x8000000000000000651282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed408f7a8a4981482021-12-21 12:19:43.443root 11241100x8000000000000000651283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771fe3919589c15c2021-12-21 12:19:43.443root 11241100x8000000000000000651284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad900042ce7248d2021-12-21 12:19:43.444root 11241100x8000000000000000651285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23dc3153953d68c2021-12-21 12:19:43.943root 11241100x8000000000000000651286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e48952c58ffe60a2021-12-21 12:19:43.943root 11241100x8000000000000000651287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f465367005138f2021-12-21 12:19:43.943root 11241100x8000000000000000651288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7b0fd1c4d507c02021-12-21 12:19:43.943root 11241100x8000000000000000651289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c5ec4a0c062e072021-12-21 12:19:43.943root 11241100x8000000000000000651290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccad47b5da6a1382021-12-21 12:19:43.943root 11241100x8000000000000000651291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3754c9a286901962021-12-21 12:19:43.944root 11241100x8000000000000000651292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae6d39c2eea6a932021-12-21 12:19:43.944root 11241100x8000000000000000651293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a35e2b18908ae32021-12-21 12:19:44.443root 11241100x8000000000000000651294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59433341609bc502021-12-21 12:19:44.443root 11241100x8000000000000000651295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e031610c79f53bf2021-12-21 12:19:44.443root 11241100x8000000000000000651296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c9d09d1950baee2021-12-21 12:19:44.443root 11241100x8000000000000000651297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ee43358e76ccd92021-12-21 12:19:44.443root 11241100x8000000000000000651298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1b909c11d6943c2021-12-21 12:19:44.443root 11241100x8000000000000000651299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791ace5e69415daa2021-12-21 12:19:44.443root 11241100x8000000000000000651300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e492f111fd2bbb92021-12-21 12:19:44.444root 11241100x8000000000000000651301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4c43ffdd5dd4e12021-12-21 12:19:44.943root 11241100x8000000000000000651302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d522c7d9b8ed15342021-12-21 12:19:44.943root 11241100x8000000000000000651303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986e1899bcd0f8932021-12-21 12:19:44.943root 11241100x8000000000000000651304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19059310c2204abb2021-12-21 12:19:44.943root 11241100x8000000000000000651305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba4267d8766f3c72021-12-21 12:19:44.943root 11241100x8000000000000000651306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d5fe18856c695c2021-12-21 12:19:44.943root 11241100x8000000000000000651307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c977e1950c46d92021-12-21 12:19:44.943root 11241100x8000000000000000651308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe5591a63d70f832021-12-21 12:19:44.944root 11241100x8000000000000000651309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6602d90dbeadbf2021-12-21 12:19:45.443root 11241100x8000000000000000651310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d9feb8db6af2fc2021-12-21 12:19:45.443root 11241100x8000000000000000651311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ab1af93433defc2021-12-21 12:19:45.443root 11241100x8000000000000000651312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88047d6cd5e295902021-12-21 12:19:45.443root 11241100x8000000000000000651313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557af3bdb90700702021-12-21 12:19:45.443root 11241100x8000000000000000651314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd2f74416f54a772021-12-21 12:19:45.444root 11241100x8000000000000000651315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982deb53e553fec02021-12-21 12:19:45.444root 11241100x8000000000000000651316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7545ffc8a151dd8b2021-12-21 12:19:45.444root 11241100x8000000000000000651317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8ba50a0e9a68062021-12-21 12:19:45.943root 11241100x8000000000000000651318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483ccd8ec2d95d952021-12-21 12:19:45.943root 11241100x8000000000000000651319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bc39dce7dd2ad32021-12-21 12:19:45.943root 11241100x8000000000000000651320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f359c8d1ee1de6d2021-12-21 12:19:45.943root 11241100x8000000000000000651321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbea35f990d7bf72021-12-21 12:19:45.943root 11241100x8000000000000000651322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32f3d1b62794fe12021-12-21 12:19:45.943root 11241100x8000000000000000651323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6f2967119bd1c12021-12-21 12:19:45.944root 11241100x8000000000000000651324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60eddb591f86e3632021-12-21 12:19:45.944root 11241100x8000000000000000651325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9c1fdc1b4d80552021-12-21 12:19:46.443root 11241100x8000000000000000651326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633b37bbaa1cd3aa2021-12-21 12:19:46.443root 11241100x8000000000000000651327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70463de5ab8d45b92021-12-21 12:19:46.443root 11241100x8000000000000000651328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e4cdf404e9d0cd2021-12-21 12:19:46.443root 11241100x8000000000000000651329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d043b11d5e9d110d2021-12-21 12:19:46.443root 11241100x8000000000000000651330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5992c11b1e972c412021-12-21 12:19:46.443root 11241100x8000000000000000651331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098eca63bf02ab432021-12-21 12:19:46.443root 11241100x8000000000000000651332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147b23c26e29926c2021-12-21 12:19:46.444root 11241100x8000000000000000651333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e896423539945f2021-12-21 12:19:46.943root 11241100x8000000000000000651334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e002106a7a02302021-12-21 12:19:46.943root 11241100x8000000000000000651335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd080c79e56a97872021-12-21 12:19:46.943root 11241100x8000000000000000651336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f13db35bc38dae2021-12-21 12:19:46.943root 11241100x8000000000000000651337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b196a5aeeb05632021-12-21 12:19:46.943root 11241100x8000000000000000651338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7671982eda60f632021-12-21 12:19:46.943root 11241100x8000000000000000651339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7645685a1ac126732021-12-21 12:19:46.943root 11241100x8000000000000000651340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d97061e7370ff2f2021-12-21 12:19:46.943root 354300x8000000000000000651341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.236{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49830-false10.0.1.12-8000- 11241100x8000000000000000651342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a771e218ffcea52021-12-21 12:19:47.237root 11241100x8000000000000000651343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0985ad299fc777c2021-12-21 12:19:47.237root 11241100x8000000000000000651344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c253566483b982b22021-12-21 12:19:47.237root 11241100x8000000000000000651345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34d68ec9f8f119d2021-12-21 12:19:47.237root 11241100x8000000000000000651346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca026a5db341fe82021-12-21 12:19:47.237root 11241100x8000000000000000651347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e35a0bf5b2ff2b2021-12-21 12:19:47.238root 11241100x8000000000000000651348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d3f5235b182b4b2021-12-21 12:19:47.238root 11241100x8000000000000000651349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b20ee6cc3375bf2021-12-21 12:19:47.238root 11241100x8000000000000000651350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4286fd6bffbf05f42021-12-21 12:19:47.238root 11241100x8000000000000000651351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ac56e55aef57172021-12-21 12:19:47.693root 11241100x8000000000000000651352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f75f9958a97535b2021-12-21 12:19:47.693root 11241100x8000000000000000651353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01be2a201ef51e782021-12-21 12:19:47.693root 11241100x8000000000000000651354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9b0c07d78612ca2021-12-21 12:19:47.693root 11241100x8000000000000000651355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64dbf34160d46e1b2021-12-21 12:19:47.693root 11241100x8000000000000000651356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc2e8d98cefbac72021-12-21 12:19:47.693root 11241100x8000000000000000651357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a06dd47791a1e82021-12-21 12:19:47.693root 11241100x8000000000000000651358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ff4952ff05f4ee2021-12-21 12:19:47.693root 11241100x8000000000000000651359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1633f0a6b87438322021-12-21 12:19:47.693root 11241100x8000000000000000651360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc6f839a69ece3f2021-12-21 12:19:48.193root 11241100x8000000000000000651361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678d63473437bfe42021-12-21 12:19:48.193root 11241100x8000000000000000651362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaf176d22742bbb2021-12-21 12:19:48.193root 11241100x8000000000000000651363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7b4d32d7ee57fd2021-12-21 12:19:48.193root 11241100x8000000000000000651364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2843945a5a1621a42021-12-21 12:19:48.193root 11241100x8000000000000000651365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608c3d8d7f25a8662021-12-21 12:19:48.193root 11241100x8000000000000000651366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6a4c03f7aae08f2021-12-21 12:19:48.193root 11241100x8000000000000000651367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cdb5a435cc44db2021-12-21 12:19:48.194root 11241100x8000000000000000651368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd17fe80450afeca2021-12-21 12:19:48.194root 11241100x8000000000000000651369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2eb6235111447a2021-12-21 12:19:48.693root 11241100x8000000000000000651370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ea6ed1360790592021-12-21 12:19:48.693root 11241100x8000000000000000651371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367ebc43b2298db92021-12-21 12:19:48.693root 11241100x8000000000000000651372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841b3d007ee780d52021-12-21 12:19:48.693root 11241100x8000000000000000651373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62445bcf2d20dda02021-12-21 12:19:48.693root 11241100x8000000000000000651374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42955b5901d8ec282021-12-21 12:19:48.693root 11241100x8000000000000000651375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc8f71493cec6e22021-12-21 12:19:48.693root 11241100x8000000000000000651376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8910b58d24b11ea72021-12-21 12:19:48.694root 11241100x8000000000000000651377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353fa40c928c4e432021-12-21 12:19:48.694root 11241100x8000000000000000651378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4863d06579b844692021-12-21 12:19:49.193root 11241100x8000000000000000651379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80724252d4be5732021-12-21 12:19:49.193root 11241100x8000000000000000651380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea383793caa4c8b2021-12-21 12:19:49.193root 11241100x8000000000000000651381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9391a658dd8137192021-12-21 12:19:49.193root 11241100x8000000000000000651382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486d4db7530f40042021-12-21 12:19:49.194root 11241100x8000000000000000651383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c60b573eb03ee052021-12-21 12:19:49.194root 11241100x8000000000000000651384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73360eb6c4c3d23d2021-12-21 12:19:49.194root 11241100x8000000000000000651385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9787be251d7669882021-12-21 12:19:49.194root 11241100x8000000000000000651386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1c6fece37cfb632021-12-21 12:19:49.194root 11241100x8000000000000000651387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd104ea42b2342b32021-12-21 12:19:49.693root 11241100x8000000000000000651388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5aca9e77f40da8f2021-12-21 12:19:49.693root 11241100x8000000000000000651389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da0a5c1b03cdef32021-12-21 12:19:49.693root 11241100x8000000000000000651390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04ac450e156e6982021-12-21 12:19:49.693root 11241100x8000000000000000651391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653e3d41c7da59d12021-12-21 12:19:49.694root 11241100x8000000000000000651392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078dc346a76831cc2021-12-21 12:19:49.694root 11241100x8000000000000000651393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b893b58ef99afc2021-12-21 12:19:49.694root 11241100x8000000000000000651394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2464b93d05f4eb032021-12-21 12:19:49.694root 11241100x8000000000000000651395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f58c987c38c604d2021-12-21 12:19:49.694root 11241100x8000000000000000651396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d85b613ca65e062021-12-21 12:19:50.193root 11241100x8000000000000000651397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6754e0dd32f47e5a2021-12-21 12:19:50.193root 11241100x8000000000000000651398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe07eae469e3dad22021-12-21 12:19:50.193root 11241100x8000000000000000651399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bcf40e770463012021-12-21 12:19:50.193root 11241100x8000000000000000651400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8c789c509b3b4d2021-12-21 12:19:50.193root 11241100x8000000000000000651401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82460393f25a73aa2021-12-21 12:19:50.194root 11241100x8000000000000000651402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc80e04ff9a0961c2021-12-21 12:19:50.194root 11241100x8000000000000000651403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d8029255d6093a2021-12-21 12:19:50.194root 11241100x8000000000000000651404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49def7907b1084fc2021-12-21 12:19:50.194root 11241100x8000000000000000651405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14bca176850e29b2021-12-21 12:19:50.693root 11241100x8000000000000000651406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b292db0dfd8f8cf2021-12-21 12:19:50.693root 11241100x8000000000000000651407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab8855e1900523f2021-12-21 12:19:50.693root 11241100x8000000000000000651408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df937c40ac8432a2021-12-21 12:19:50.693root 11241100x8000000000000000651409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8ff881789f06282021-12-21 12:19:50.693root 11241100x8000000000000000651410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e30a1651f9a10952021-12-21 12:19:50.693root 11241100x8000000000000000651411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3523c02e713df52021-12-21 12:19:50.693root 11241100x8000000000000000651412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661e541b25271bdb2021-12-21 12:19:50.693root 11241100x8000000000000000651413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ead530ad7a708b2021-12-21 12:19:50.693root 11241100x8000000000000000651414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321dec3bfc5fcd232021-12-21 12:19:51.193root 11241100x8000000000000000651415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5eebaa45115f8c2021-12-21 12:19:51.193root 11241100x8000000000000000651416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d014ef83dce99bd82021-12-21 12:19:51.193root 11241100x8000000000000000651417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218b9b2ec6476b022021-12-21 12:19:51.193root 11241100x8000000000000000651418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf890eb3eb1cb79b2021-12-21 12:19:51.193root 11241100x8000000000000000651419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3887085e78525e982021-12-21 12:19:51.193root 11241100x8000000000000000651420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee54c9db909573b2021-12-21 12:19:51.193root 11241100x8000000000000000651421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f85a9834cd1dfbb2021-12-21 12:19:51.193root 11241100x8000000000000000651422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0715386eb70afb7c2021-12-21 12:19:51.193root 11241100x8000000000000000651423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef842153d3a7955f2021-12-21 12:19:51.693root 11241100x8000000000000000651424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e15b3db932de8f2021-12-21 12:19:51.693root 11241100x8000000000000000651425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab17b34aed013872021-12-21 12:19:51.693root 11241100x8000000000000000651426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ad53d5839d94d52021-12-21 12:19:51.693root 11241100x8000000000000000651427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743ebe713e2a40702021-12-21 12:19:51.693root 11241100x8000000000000000651428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d67f2cd2bdbe57d2021-12-21 12:19:51.693root 11241100x8000000000000000651429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779ecefa12abf3372021-12-21 12:19:51.693root 11241100x8000000000000000651430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75a0170ce6bfede2021-12-21 12:19:51.693root 11241100x8000000000000000651431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25b8a984fcc282d2021-12-21 12:19:51.693root 11241100x8000000000000000651432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe69b9474053e2d2021-12-21 12:19:52.193root 11241100x8000000000000000651433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9461b24e9e9b9fb2021-12-21 12:19:52.193root 11241100x8000000000000000651434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d9b793a800885e2021-12-21 12:19:52.193root 11241100x8000000000000000651435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd30cf96b761d7f52021-12-21 12:19:52.193root 11241100x8000000000000000651436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba24b331c0a66552021-12-21 12:19:52.193root 11241100x8000000000000000651437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0ea748c577c8f82021-12-21 12:19:52.193root 11241100x8000000000000000651438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f21632b92aa6492021-12-21 12:19:52.193root 11241100x8000000000000000651439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c155ad6d105e5c2021-12-21 12:19:52.193root 11241100x8000000000000000651440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea94729b7efa0cd2021-12-21 12:19:52.193root 11241100x8000000000000000651441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8652a4d517b64ea2021-12-21 12:19:52.692root 11241100x8000000000000000651442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b449b2c941b9fc2021-12-21 12:19:52.693root 11241100x8000000000000000651443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eada59653843b4612021-12-21 12:19:52.693root 11241100x8000000000000000651444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f02df6ba105cb52021-12-21 12:19:52.693root 11241100x8000000000000000651445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bace75b40da848872021-12-21 12:19:52.693root 11241100x8000000000000000651446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c35ced0c39a9ff2021-12-21 12:19:52.693root 11241100x8000000000000000651447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe44a65f14d73532021-12-21 12:19:52.693root 11241100x8000000000000000651448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f854ebd57ce8dcb2021-12-21 12:19:52.693root 11241100x8000000000000000651449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8b2d893514045f2021-12-21 12:19:52.693root 354300x8000000000000000651450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.083{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49832-false10.0.1.12-8000- 11241100x8000000000000000651451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a61793e50a569972021-12-21 12:19:53.083root 11241100x8000000000000000651452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93f316f5418dc2b2021-12-21 12:19:53.084root 11241100x8000000000000000651453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290239443657bb1d2021-12-21 12:19:53.084root 11241100x8000000000000000651454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4923957d5b88341e2021-12-21 12:19:53.084root 11241100x8000000000000000651455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a72d64f684055fc2021-12-21 12:19:53.084root 11241100x8000000000000000651456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0efa7820daa02e2021-12-21 12:19:53.084root 11241100x8000000000000000651457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0f7f555c9f6a962021-12-21 12:19:53.084root 11241100x8000000000000000651458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bfd33338b5894d2021-12-21 12:19:53.084root 11241100x8000000000000000651459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6929de1cb8a6ee9b2021-12-21 12:19:53.085root 11241100x8000000000000000651460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970c57683bd674562021-12-21 12:19:53.085root 11241100x8000000000000000651461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8565a2d32b84f532021-12-21 12:19:53.443root 11241100x8000000000000000651462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74da650cb7676e0b2021-12-21 12:19:53.443root 11241100x8000000000000000651463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8047832f90e44abe2021-12-21 12:19:53.443root 11241100x8000000000000000651464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3203b81dd044dab2021-12-21 12:19:53.443root 11241100x8000000000000000651465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c12843fa06f4272021-12-21 12:19:53.443root 11241100x8000000000000000651466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4a51696a0df3b02021-12-21 12:19:53.444root 11241100x8000000000000000651467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3765ac36aacf21042021-12-21 12:19:53.444root 11241100x8000000000000000651468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0791503452ec4c362021-12-21 12:19:53.444root 11241100x8000000000000000651469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb72f29370fd875f2021-12-21 12:19:53.444root 11241100x8000000000000000651470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e6cd2dec35830f2021-12-21 12:19:53.444root 11241100x8000000000000000651471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2f337d187adc702021-12-21 12:19:53.943root 11241100x8000000000000000651472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8aff1f9cca7025a2021-12-21 12:19:53.943root 11241100x8000000000000000651473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f9a2cdf1ebe4e82021-12-21 12:19:53.943root 11241100x8000000000000000651474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c632ee6c1f0491412021-12-21 12:19:53.943root 11241100x8000000000000000651475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791b121404d68bfd2021-12-21 12:19:53.943root 11241100x8000000000000000651476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3369db53de584392021-12-21 12:19:53.944root 11241100x8000000000000000651477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c03063b8ef1c122021-12-21 12:19:53.944root 11241100x8000000000000000651478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad5d27cbc1c7f372021-12-21 12:19:53.944root 11241100x8000000000000000651479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fd5e8503c3146d2021-12-21 12:19:53.944root 11241100x8000000000000000651480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea1df93c00e82cc2021-12-21 12:19:53.945root 11241100x8000000000000000651481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c86ec2f161ae9d2021-12-21 12:19:54.443root 11241100x8000000000000000651482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d255a631620f192021-12-21 12:19:54.443root 11241100x8000000000000000651483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4701f76644d54a62021-12-21 12:19:54.443root 11241100x8000000000000000651484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023b8acdec40ada72021-12-21 12:19:54.443root 11241100x8000000000000000651485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2aa4d031b558822021-12-21 12:19:54.443root 11241100x8000000000000000651486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9135249fc62dc02021-12-21 12:19:54.443root 11241100x8000000000000000651487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22ce58a5bf6baf52021-12-21 12:19:54.443root 11241100x8000000000000000651488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781d5e8dfd7d72c42021-12-21 12:19:54.443root 11241100x8000000000000000651489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1331d159a6776692021-12-21 12:19:54.444root 11241100x8000000000000000651490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd833777c2e6a912021-12-21 12:19:54.444root 11241100x8000000000000000651491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c2546f5934e28d2021-12-21 12:19:54.943root 11241100x8000000000000000651492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c627de904165d3d92021-12-21 12:19:54.943root 11241100x8000000000000000651493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddae0b7b7a2bc4082021-12-21 12:19:54.943root 11241100x8000000000000000651494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de665e2b9bf1ff02021-12-21 12:19:54.943root 11241100x8000000000000000651495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f1e65da031eb2f2021-12-21 12:19:54.943root 11241100x8000000000000000651496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c8c17e658873ba2021-12-21 12:19:54.944root 11241100x8000000000000000651497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81020cbcabc436c2021-12-21 12:19:54.944root 11241100x8000000000000000651498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6ed51a2d57e6f62021-12-21 12:19:54.944root 11241100x8000000000000000651499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b24237044e1bdb72021-12-21 12:19:54.944root 11241100x8000000000000000651500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db52fce0b65bca0b2021-12-21 12:19:54.944root 11241100x8000000000000000651501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6be7d44f8486b82021-12-21 12:19:55.443root 11241100x8000000000000000651502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f17a79026389dd2021-12-21 12:19:55.443root 11241100x8000000000000000651503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ca88e53c34ff632021-12-21 12:19:55.443root 11241100x8000000000000000651504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2a4e0b929334252021-12-21 12:19:55.443root 11241100x8000000000000000651505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35af698cb0b02602021-12-21 12:19:55.443root 11241100x8000000000000000651506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2ed0838c882b902021-12-21 12:19:55.443root 11241100x8000000000000000651507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9b021480d1b9102021-12-21 12:19:55.443root 11241100x8000000000000000651508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7e04d755f133122021-12-21 12:19:55.443root 11241100x8000000000000000651509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa33de6e9dce5512021-12-21 12:19:55.443root 11241100x8000000000000000651510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a939c5eed0a34772021-12-21 12:19:55.444root 11241100x8000000000000000651511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534b5ff7e4ec24ba2021-12-21 12:19:55.943root 11241100x8000000000000000651512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c279acb781b25b32021-12-21 12:19:55.943root 11241100x8000000000000000651513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ffdbe62912c90d2021-12-21 12:19:55.943root 11241100x8000000000000000651514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b1e0daac4abd2d2021-12-21 12:19:55.943root 11241100x8000000000000000651515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fc84b0d883540a2021-12-21 12:19:55.943root 11241100x8000000000000000651516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600eda75e2158f492021-12-21 12:19:55.943root 11241100x8000000000000000651517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1c602ec5c7ef2d2021-12-21 12:19:55.944root 11241100x8000000000000000651518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3c6b97796f88cd2021-12-21 12:19:55.944root 11241100x8000000000000000651519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a702daf4b386628c2021-12-21 12:19:55.944root 11241100x8000000000000000651520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2579da18e68c812021-12-21 12:19:55.944root 11241100x8000000000000000651521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752fdbe6f22090dd2021-12-21 12:19:56.443root 11241100x8000000000000000651522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5a64e9ee4f560e2021-12-21 12:19:56.443root 11241100x8000000000000000651523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7274bd4865e35f682021-12-21 12:19:56.443root 11241100x8000000000000000651524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf24c2218c9bba02021-12-21 12:19:56.443root 11241100x8000000000000000651525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22e0b3dfc9f5a332021-12-21 12:19:56.443root 11241100x8000000000000000651526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e688a16b2e0e71792021-12-21 12:19:56.443root 11241100x8000000000000000651527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb12a7ca731862e2021-12-21 12:19:56.444root 11241100x8000000000000000651528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85dd504ae4c06b52021-12-21 12:19:56.444root 11241100x8000000000000000651529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bf173a20fba1e02021-12-21 12:19:56.444root 11241100x8000000000000000651530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa268b3d24f970892021-12-21 12:19:56.444root 11241100x8000000000000000651531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7287c1e6a257d9d2021-12-21 12:19:56.943root 11241100x8000000000000000651532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0476694151cee32021-12-21 12:19:56.943root 11241100x8000000000000000651533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c85f1068cb57c452021-12-21 12:19:56.943root 11241100x8000000000000000651534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f93ca4350f8fd4a2021-12-21 12:19:56.943root 11241100x8000000000000000651535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e6ceefa7011a762021-12-21 12:19:56.943root 11241100x8000000000000000651536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f3d0b80350a0832021-12-21 12:19:56.944root 11241100x8000000000000000651537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5631474c40c90d2021-12-21 12:19:56.944root 11241100x8000000000000000651538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16386da41df71afb2021-12-21 12:19:56.944root 11241100x8000000000000000651539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcee39c000b96a3f2021-12-21 12:19:56.944root 11241100x8000000000000000651540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a28f8200f18e5912021-12-21 12:19:56.944root 11241100x8000000000000000651541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489fc01cff43b1b52021-12-21 12:19:57.442root 11241100x8000000000000000651542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b018980f4c1dd6ce2021-12-21 12:19:57.443root 11241100x8000000000000000651543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c78b7f2dfe87b12021-12-21 12:19:57.443root 11241100x8000000000000000651544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a0f735c739c8502021-12-21 12:19:57.443root 11241100x8000000000000000651545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b913affd1d2d74072021-12-21 12:19:57.443root 11241100x8000000000000000651546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac48e4b50e4d0492021-12-21 12:19:57.443root 11241100x8000000000000000651547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f405a64b3353132021-12-21 12:19:57.444root 11241100x8000000000000000651548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793137af3773b4372021-12-21 12:19:57.444root 11241100x8000000000000000651549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be390980af4f0882021-12-21 12:19:57.444root 11241100x8000000000000000651550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8290057fea3f2d32021-12-21 12:19:57.444root 11241100x8000000000000000651551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0513e93147941ae2021-12-21 12:19:57.943root 11241100x8000000000000000651552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa97c96d9b4694542021-12-21 12:19:57.943root 11241100x8000000000000000651553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada5cae95c7f072b2021-12-21 12:19:57.943root 11241100x8000000000000000651554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfba1f55dc135b92021-12-21 12:19:57.943root 11241100x8000000000000000651555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e060a20c1b4fb42021-12-21 12:19:57.943root 11241100x8000000000000000651556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890abbfe29fd47a62021-12-21 12:19:57.943root 11241100x8000000000000000651557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6db9af826285b7c2021-12-21 12:19:57.943root 11241100x8000000000000000651558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6737df0e404a2042021-12-21 12:19:57.943root 11241100x8000000000000000651559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af27c2b8e6f456e2021-12-21 12:19:57.943root 11241100x8000000000000000651560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12a9ccb8dfa5f522021-12-21 12:19:57.943root 354300x8000000000000000651561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.206{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49834-false10.0.1.12-8000- 11241100x8000000000000000651562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75bcb5df7eac5ee2021-12-21 12:19:58.207root 11241100x8000000000000000651563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d86e90455a2f7f2021-12-21 12:19:58.207root 11241100x8000000000000000651564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02912e0ff15dcb8f2021-12-21 12:19:58.207root 11241100x8000000000000000651565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c047424162aab0862021-12-21 12:19:58.207root 11241100x8000000000000000651566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dce8c259262b13d2021-12-21 12:19:58.207root 11241100x8000000000000000651567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03bca9075a1b6a62021-12-21 12:19:58.207root 11241100x8000000000000000651568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239e215497b449a42021-12-21 12:19:58.208root 11241100x8000000000000000651569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8896177097470e8d2021-12-21 12:19:58.208root 11241100x8000000000000000651570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd683a4b4b2a3c332021-12-21 12:19:58.208root 11241100x8000000000000000651571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21532c29f2b45cf82021-12-21 12:19:58.208root 11241100x8000000000000000651572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341688bc0e3de2a02021-12-21 12:19:58.208root 11241100x8000000000000000651573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119ed5858510d4012021-12-21 12:19:58.208root 11241100x8000000000000000651574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e871c108a4407fa2021-12-21 12:19:58.693root 11241100x8000000000000000651575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294f91165e6f288e2021-12-21 12:19:58.693root 11241100x8000000000000000651576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b2df753e74290a2021-12-21 12:19:58.693root 11241100x8000000000000000651577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6cbb2269a0f3432021-12-21 12:19:58.693root 11241100x8000000000000000651578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f931fd06159929112021-12-21 12:19:58.693root 11241100x8000000000000000651579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c728acbb2744fbfb2021-12-21 12:19:58.693root 11241100x8000000000000000651580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16dad1c93aa23b92021-12-21 12:19:58.693root 11241100x8000000000000000651581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8030d5e62c5bb6722021-12-21 12:19:58.694root 11241100x8000000000000000651582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24df35ce9dd25682021-12-21 12:19:58.694root 11241100x8000000000000000651583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e334ad6bcd98902021-12-21 12:19:58.694root 11241100x8000000000000000651584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38b8061004e64022021-12-21 12:19:58.694root 11241100x8000000000000000651585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60732e5ac011692f2021-12-21 12:19:59.193root 11241100x8000000000000000651586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f07ef5b9f2ecbe62021-12-21 12:19:59.193root 11241100x8000000000000000651587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f330fd87377ba5282021-12-21 12:19:59.193root 11241100x8000000000000000651588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb0b8c0f44eaeba2021-12-21 12:19:59.193root 11241100x8000000000000000651589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65498281f99a20f72021-12-21 12:19:59.193root 11241100x8000000000000000651590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e3bac94c7b0d142021-12-21 12:19:59.193root 11241100x8000000000000000651591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904913a2f65898892021-12-21 12:19:59.193root 11241100x8000000000000000651592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1498396c2d715e2e2021-12-21 12:19:59.193root 11241100x8000000000000000651593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28834d0168c4edc92021-12-21 12:19:59.193root 11241100x8000000000000000651594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55cabd8aeff449c2021-12-21 12:19:59.193root 11241100x8000000000000000651595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dbc3893ab450f22021-12-21 12:19:59.193root 11241100x8000000000000000651596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b687f8cca358a1702021-12-21 12:19:59.693root 11241100x8000000000000000651597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf5e0419a1491742021-12-21 12:19:59.693root 11241100x8000000000000000651598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a8868c0c594cbb2021-12-21 12:19:59.693root 11241100x8000000000000000651599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a10ef9fa888dd02021-12-21 12:19:59.693root 11241100x8000000000000000651600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ddcff45f8a01a42021-12-21 12:19:59.693root 11241100x8000000000000000651601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a2f1f96c29bfef2021-12-21 12:19:59.693root 11241100x8000000000000000651602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cf5d53d74bfec72021-12-21 12:19:59.693root 11241100x8000000000000000651603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d4c58e1aa923a92021-12-21 12:19:59.694root 11241100x8000000000000000651604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31598bc35ec335992021-12-21 12:19:59.694root 11241100x8000000000000000651605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eaf5628b19d351b2021-12-21 12:19:59.694root 11241100x8000000000000000651606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:19:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a9d1abeb6659232021-12-21 12:19:59.694root 11241100x8000000000000000651607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f06857a021c746e2021-12-21 12:20:00.193root 11241100x8000000000000000651608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683263c195a5f6822021-12-21 12:20:00.193root 11241100x8000000000000000651609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59be3fbef7ed875f2021-12-21 12:20:00.193root 11241100x8000000000000000651610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e4faea589ee1f12021-12-21 12:20:00.193root 11241100x8000000000000000651611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e3f7c471a8aa462021-12-21 12:20:00.193root 11241100x8000000000000000651612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be876cccc2df98852021-12-21 12:20:00.193root 11241100x8000000000000000651613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaec00906dda8ad2021-12-21 12:20:00.193root 11241100x8000000000000000651614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c375d915b930baf2021-12-21 12:20:00.193root 11241100x8000000000000000651615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbbf2baa54b10da2021-12-21 12:20:00.193root 11241100x8000000000000000651616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a000444c23f2e002021-12-21 12:20:00.193root 11241100x8000000000000000651617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efabe86640a2b6fc2021-12-21 12:20:00.193root 11241100x8000000000000000651618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e2fdf94429123e2021-12-21 12:20:00.693root 11241100x8000000000000000651619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5752bd4072bb33ad2021-12-21 12:20:00.693root 11241100x8000000000000000651620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9678931001aeec832021-12-21 12:20:00.693root 11241100x8000000000000000651621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21630fb6c909ddf02021-12-21 12:20:00.693root 11241100x8000000000000000651622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4798715b644a5db62021-12-21 12:20:00.693root 11241100x8000000000000000651623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ebfb86a01d122f2021-12-21 12:20:00.693root 11241100x8000000000000000651624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cc13adcfdeb0392021-12-21 12:20:00.693root 11241100x8000000000000000651625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52bb1e719894bd22021-12-21 12:20:00.693root 11241100x8000000000000000651626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6d0b80aceebc002021-12-21 12:20:00.693root 11241100x8000000000000000651627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1d67780680048d2021-12-21 12:20:00.693root 11241100x8000000000000000651628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6af17d98db3b072021-12-21 12:20:00.693root 11241100x8000000000000000651629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528d886ca3d006d32021-12-21 12:20:01.193root 11241100x8000000000000000651630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4441312b4ec8a92021-12-21 12:20:01.193root 11241100x8000000000000000651631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f9640416288ac72021-12-21 12:20:01.193root 11241100x8000000000000000651632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce700e89068c6552021-12-21 12:20:01.193root 11241100x8000000000000000651633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470acc9c4b031e9b2021-12-21 12:20:01.193root 11241100x8000000000000000651634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdbb1cf92470ca42021-12-21 12:20:01.193root 11241100x8000000000000000651635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64927a34b3b2e7432021-12-21 12:20:01.194root 11241100x8000000000000000651636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174ff59a4b51fbd32021-12-21 12:20:01.194root 11241100x8000000000000000651637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5446ea63360386fb2021-12-21 12:20:01.194root 11241100x8000000000000000651638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145530bfe18062ea2021-12-21 12:20:01.194root 11241100x8000000000000000651639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09447ea69d1535e2021-12-21 12:20:01.194root 11241100x8000000000000000651640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda181af43c2a33a2021-12-21 12:20:01.693root 11241100x8000000000000000651641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a15de7a3efe20c82021-12-21 12:20:01.693root 11241100x8000000000000000651642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c285d684127d2df2021-12-21 12:20:01.693root 11241100x8000000000000000651643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f0744701c796ea2021-12-21 12:20:01.693root 11241100x8000000000000000651644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74970ee4845cff602021-12-21 12:20:01.693root 11241100x8000000000000000651645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63811a10ce24f2a22021-12-21 12:20:01.693root 11241100x8000000000000000651646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44a991aa451b0da2021-12-21 12:20:01.693root 11241100x8000000000000000651647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c6e0135c9607052021-12-21 12:20:01.693root 11241100x8000000000000000651648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb658f107364acc2021-12-21 12:20:01.693root 11241100x8000000000000000651649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a954aef13f16249b2021-12-21 12:20:01.693root 11241100x8000000000000000651650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b226bf501eac69b22021-12-21 12:20:01.693root 11241100x8000000000000000651651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7065fff2326744b12021-12-21 12:20:02.193root 11241100x8000000000000000651652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbc1c9062425c4e2021-12-21 12:20:02.193root 11241100x8000000000000000651653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c6aeb059a044b82021-12-21 12:20:02.193root 11241100x8000000000000000651654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d870a9c2a8a4c42021-12-21 12:20:02.193root 11241100x8000000000000000651655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216e42325b2c03f02021-12-21 12:20:02.193root 11241100x8000000000000000651656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8249b3236d2c12342021-12-21 12:20:02.193root 11241100x8000000000000000651657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87974be85dbbca62021-12-21 12:20:02.193root 11241100x8000000000000000651658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657aa57452e262532021-12-21 12:20:02.193root 11241100x8000000000000000651659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b916034ecbf6b8db2021-12-21 12:20:02.194root 11241100x8000000000000000651660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb2d600aff608dd2021-12-21 12:20:02.194root 11241100x8000000000000000651661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f2e69a29147ec92021-12-21 12:20:02.194root 11241100x8000000000000000651662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de979beb4f355a882021-12-21 12:20:02.693root 11241100x8000000000000000651663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fd706b18bea2df2021-12-21 12:20:02.693root 11241100x8000000000000000651664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4474d5543db6c82021-12-21 12:20:02.693root 11241100x8000000000000000651665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12585b233b27cfe82021-12-21 12:20:02.693root 11241100x8000000000000000651666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737e25a8315750c42021-12-21 12:20:02.693root 11241100x8000000000000000651667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd54ad7a8673c9c52021-12-21 12:20:02.693root 11241100x8000000000000000651668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054fe5113a856cfb2021-12-21 12:20:02.693root 11241100x8000000000000000651669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26af86d63625b7552021-12-21 12:20:02.693root 11241100x8000000000000000651670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59cf9db2d5e62f02021-12-21 12:20:02.693root 11241100x8000000000000000651671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6005142692e04dd2021-12-21 12:20:02.694root 11241100x8000000000000000651672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e622839579f1af2021-12-21 12:20:02.694root 11241100x8000000000000000651673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e47a6639e752362021-12-21 12:20:03.193root 11241100x8000000000000000651674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c401ce6a56094a2021-12-21 12:20:03.193root 11241100x8000000000000000651675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d18ac5cee53f4382021-12-21 12:20:03.193root 11241100x8000000000000000651676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73a7cff9b8ca4212021-12-21 12:20:03.193root 11241100x8000000000000000651677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4f1872e1d365cc2021-12-21 12:20:03.193root 11241100x8000000000000000651678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b3c2bccd9d56912021-12-21 12:20:03.193root 11241100x8000000000000000651679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed5cb168d2803822021-12-21 12:20:03.193root 11241100x8000000000000000651680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09f1ee24800cddf2021-12-21 12:20:03.194root 11241100x8000000000000000651681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050049b6a3e10d112021-12-21 12:20:03.194root 11241100x8000000000000000651682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92804b88f413e1992021-12-21 12:20:03.194root 11241100x8000000000000000651683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dbd7575a79ede92021-12-21 12:20:03.194root 11241100x8000000000000000651684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8626a0675c3d0b522021-12-21 12:20:03.693root 11241100x8000000000000000651685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5816012f7821ee542021-12-21 12:20:03.693root 11241100x8000000000000000651686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c1bbb904951d0b2021-12-21 12:20:03.693root 11241100x8000000000000000651687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53255d5743667a12021-12-21 12:20:03.693root 11241100x8000000000000000651688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41ce05e8be6095e2021-12-21 12:20:03.693root 11241100x8000000000000000651689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9c7f570411b36f2021-12-21 12:20:03.693root 11241100x8000000000000000651690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df34121b346adbaf2021-12-21 12:20:03.693root 11241100x8000000000000000651691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e61efb3a76f72a2021-12-21 12:20:03.693root 11241100x8000000000000000651692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cae415882220bd72021-12-21 12:20:03.693root 11241100x8000000000000000651693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e78ba7e591bd0ac2021-12-21 12:20:03.693root 11241100x8000000000000000651694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5413d2c27a2639652021-12-21 12:20:03.693root 354300x8000000000000000651695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.156{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49836-false10.0.1.12-8000- 11241100x8000000000000000651696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e4b8d097ff8c5e2021-12-21 12:20:04.157root 11241100x8000000000000000651697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f2f1476f8b993a2021-12-21 12:20:04.157root 11241100x8000000000000000651698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e2cb0f9bdec28f2021-12-21 12:20:04.157root 11241100x8000000000000000651699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0b11d4546e716d2021-12-21 12:20:04.157root 11241100x8000000000000000651700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61743554c6e4f592021-12-21 12:20:04.157root 11241100x8000000000000000651701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ce578bbae3706e2021-12-21 12:20:04.157root 11241100x8000000000000000651702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605477f8677367dc2021-12-21 12:20:04.158root 11241100x8000000000000000651703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6f27cd8c36c9d92021-12-21 12:20:04.158root 11241100x8000000000000000651704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c8821e4c031ae82021-12-21 12:20:04.158root 11241100x8000000000000000651705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c89fbdd5f903b762021-12-21 12:20:04.158root 11241100x8000000000000000651706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56085630a9375ff82021-12-21 12:20:04.158root 11241100x8000000000000000651707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32abf23a36074802021-12-21 12:20:04.158root 11241100x8000000000000000651708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7fe3dbbdf92ed22021-12-21 12:20:04.158root 11241100x8000000000000000651709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41829ff0e801f9312021-12-21 12:20:04.158root 11241100x8000000000000000651710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c1127ca0603ab32021-12-21 12:20:04.158root 11241100x8000000000000000651711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6de5c75eb6770882021-12-21 12:20:04.158root 11241100x8000000000000000651712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f2b48ee4a67d002021-12-21 12:20:04.158root 11241100x8000000000000000651713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed815e96dabb3d62021-12-21 12:20:04.159root 11241100x8000000000000000651714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838783b08edbb3332021-12-21 12:20:04.443root 11241100x8000000000000000651715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e7696159bcbb442021-12-21 12:20:04.443root 11241100x8000000000000000651716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fdde0fdf8d0b352021-12-21 12:20:04.443root 11241100x8000000000000000651717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e9d2e947b51aed2021-12-21 12:20:04.443root 11241100x8000000000000000651718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d746ece5618e9632021-12-21 12:20:04.443root 11241100x8000000000000000651719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f159094e8a276de2021-12-21 12:20:04.443root 11241100x8000000000000000651720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8b9c1fd7b482632021-12-21 12:20:04.443root 11241100x8000000000000000651721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a50b19d22032cc2021-12-21 12:20:04.443root 11241100x8000000000000000651722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7bf7608de745e22021-12-21 12:20:04.444root 11241100x8000000000000000651723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e8ea1c0e56b0202021-12-21 12:20:04.444root 11241100x8000000000000000651724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a3f420dfb0f9482021-12-21 12:20:04.444root 11241100x8000000000000000651725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683d1a347192e9972021-12-21 12:20:04.444root 11241100x8000000000000000651726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bff4a629a3477592021-12-21 12:20:04.943root 11241100x8000000000000000651727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0819b62303bf5f732021-12-21 12:20:04.943root 11241100x8000000000000000651728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a4251c13e19a382021-12-21 12:20:04.943root 11241100x8000000000000000651729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd4e1c974385bbe2021-12-21 12:20:04.943root 11241100x8000000000000000651730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02606108a71cdbdc2021-12-21 12:20:04.943root 11241100x8000000000000000651731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862d50adc0a269be2021-12-21 12:20:04.943root 11241100x8000000000000000651732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bebdba77a6cb592021-12-21 12:20:04.943root 11241100x8000000000000000651733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dcc1dc94fdaf602021-12-21 12:20:04.944root 11241100x8000000000000000651734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cbae0f6dae35682021-12-21 12:20:04.944root 11241100x8000000000000000651735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94f88e95070cb4f2021-12-21 12:20:04.944root 11241100x8000000000000000651736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39ef1e98aa39fe52021-12-21 12:20:04.944root 11241100x8000000000000000651737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f09b4ac485682682021-12-21 12:20:04.944root 11241100x8000000000000000651738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da1ab4987aa8ca42021-12-21 12:20:05.443root 11241100x8000000000000000651739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b707cc4b882946982021-12-21 12:20:05.443root 11241100x8000000000000000651740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443c284e471ee2962021-12-21 12:20:05.443root 11241100x8000000000000000651741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a96052aab306d42021-12-21 12:20:05.443root 11241100x8000000000000000651742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547d88ecca75f3d62021-12-21 12:20:05.443root 11241100x8000000000000000651743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416396d2eb5535372021-12-21 12:20:05.444root 11241100x8000000000000000651744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61799b220b1fae772021-12-21 12:20:05.444root 11241100x8000000000000000651745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f080c12d257c1a2021-12-21 12:20:05.444root 11241100x8000000000000000651746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d64cd26b09c4b32021-12-21 12:20:05.444root 11241100x8000000000000000651747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9082af1acbf6e03f2021-12-21 12:20:05.444root 11241100x8000000000000000651748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ad1af4fcbf830d2021-12-21 12:20:05.444root 11241100x8000000000000000651749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01b5ed77d6ff1362021-12-21 12:20:05.445root 11241100x8000000000000000651750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ff8a782d7cd6e42021-12-21 12:20:05.943root 11241100x8000000000000000651751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ed5e659bf34aa52021-12-21 12:20:05.943root 11241100x8000000000000000651752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c650d5942eb6b232021-12-21 12:20:05.943root 11241100x8000000000000000651753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92a8d046a133fa52021-12-21 12:20:05.943root 11241100x8000000000000000651754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7dbfe64c60f2af22021-12-21 12:20:05.943root 11241100x8000000000000000651755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b653c45b4540da2021-12-21 12:20:05.943root 11241100x8000000000000000651756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c03054a6fb0eb22021-12-21 12:20:05.943root 11241100x8000000000000000651757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8297a602fbdb7872021-12-21 12:20:05.943root 11241100x8000000000000000651758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a70fd1f92c0c1e2021-12-21 12:20:05.943root 11241100x8000000000000000651759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589ed0895d06b5792021-12-21 12:20:05.944root 11241100x8000000000000000651760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef931c2592dd1d4b2021-12-21 12:20:05.944root 11241100x8000000000000000651761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ed384b29fab0d82021-12-21 12:20:05.944root 11241100x8000000000000000651762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:20:06.143root 11241100x8000000000000000651763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39e50d7b7ae89c32021-12-21 12:20:06.443root 11241100x8000000000000000651764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cf4a3dda95384b2021-12-21 12:20:06.443root 11241100x8000000000000000651765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7097065afd03bac92021-12-21 12:20:06.443root 11241100x8000000000000000651766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f969e8fc5d16f0f72021-12-21 12:20:06.443root 11241100x8000000000000000651767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc5ed17ebafcf802021-12-21 12:20:06.443root 11241100x8000000000000000651768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1202c872b89c7a2021-12-21 12:20:06.443root 11241100x8000000000000000651769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9a0940d1de6e3d2021-12-21 12:20:06.444root 11241100x8000000000000000651770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9163020bba35762021-12-21 12:20:06.444root 11241100x8000000000000000651771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556cf07b6fadbe782021-12-21 12:20:06.444root 11241100x8000000000000000651772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da34d9a29c6fdd602021-12-21 12:20:06.444root 11241100x8000000000000000651773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115acf2a63c6b8492021-12-21 12:20:06.444root 11241100x8000000000000000651774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb71b02156474352021-12-21 12:20:06.444root 11241100x8000000000000000651775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc537b4eb574290b2021-12-21 12:20:06.444root 11241100x8000000000000000651776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd11bdd7da5600d2021-12-21 12:20:06.943root 11241100x8000000000000000651777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f301c55acf6b42ad2021-12-21 12:20:06.943root 11241100x8000000000000000651778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097e2fc93f0c964d2021-12-21 12:20:06.943root 11241100x8000000000000000651779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c260da6349bc881a2021-12-21 12:20:06.943root 11241100x8000000000000000651780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ae19ac5cbf8edc2021-12-21 12:20:06.943root 11241100x8000000000000000651781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d40a6675aaf92a2021-12-21 12:20:06.943root 11241100x8000000000000000651782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57ffc00f2ac88832021-12-21 12:20:06.943root 11241100x8000000000000000651783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba2d2562b8d29282021-12-21 12:20:06.943root 11241100x8000000000000000651784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af44e8d31a0c65492021-12-21 12:20:06.943root 11241100x8000000000000000651785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8921aba3eb7e5b502021-12-21 12:20:06.943root 11241100x8000000000000000651786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bd3270eff4a5982021-12-21 12:20:06.943root 11241100x8000000000000000651787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4617b2e689bada92021-12-21 12:20:06.943root 11241100x8000000000000000651788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2f91df9b82587d2021-12-21 12:20:06.944root 11241100x8000000000000000651789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5cbd9b728c777b2021-12-21 12:20:07.443root 11241100x8000000000000000651790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300b7e6bd0ac70932021-12-21 12:20:07.443root 11241100x8000000000000000651791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6721f45eb66ebdc42021-12-21 12:20:07.443root 11241100x8000000000000000651792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a735cb1b71b0299c2021-12-21 12:20:07.443root 11241100x8000000000000000651793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6189a92698ea714f2021-12-21 12:20:07.443root 11241100x8000000000000000651794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb6b19ef5dd072f2021-12-21 12:20:07.443root 11241100x8000000000000000651795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67c1a8d06c5bc5b2021-12-21 12:20:07.444root 11241100x8000000000000000651796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6293c5bb89dbe6742021-12-21 12:20:07.444root 11241100x8000000000000000651797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d52b802a6612db62021-12-21 12:20:07.444root 11241100x8000000000000000651798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c6a07b5681ff662021-12-21 12:20:07.444root 11241100x8000000000000000651799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e8d8a6f89883e82021-12-21 12:20:07.444root 11241100x8000000000000000651800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f75f02521cc8502021-12-21 12:20:07.444root 11241100x8000000000000000651801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c7bc196d3d40dd2021-12-21 12:20:07.444root 11241100x8000000000000000651802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29145095421b8b6d2021-12-21 12:20:07.943root 11241100x8000000000000000651803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda2f959e5f60cf02021-12-21 12:20:07.943root 11241100x8000000000000000651804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bd8e4327e091962021-12-21 12:20:07.943root 11241100x8000000000000000651805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55c49d23eda27df2021-12-21 12:20:07.943root 11241100x8000000000000000651806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbda032a06cae7f42021-12-21 12:20:07.943root 11241100x8000000000000000651807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ef1b972b96860d2021-12-21 12:20:07.943root 11241100x8000000000000000651808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173f3e3b9290759b2021-12-21 12:20:07.944root 11241100x8000000000000000651809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6153f6b5f5cb5d432021-12-21 12:20:07.944root 11241100x8000000000000000651810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976fa76b01c776232021-12-21 12:20:07.944root 11241100x8000000000000000651811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5751c68720fb0f2021-12-21 12:20:07.944root 11241100x8000000000000000651812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf97443015b855bd2021-12-21 12:20:07.944root 11241100x8000000000000000651813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcbbb58a17dc6b02021-12-21 12:20:07.944root 11241100x8000000000000000651814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d1b206062614882021-12-21 12:20:07.944root 11241100x8000000000000000651815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4a1eb041390bd92021-12-21 12:20:08.443root 11241100x8000000000000000651816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8da500ce182e372021-12-21 12:20:08.443root 11241100x8000000000000000651817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20019cb48cda15ed2021-12-21 12:20:08.443root 11241100x8000000000000000651818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a3d3ee3492ced52021-12-21 12:20:08.443root 11241100x8000000000000000651819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0dca8d41b211a02021-12-21 12:20:08.444root 11241100x8000000000000000651820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0e614b4a3453252021-12-21 12:20:08.444root 11241100x8000000000000000651821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a42c5018124ca652021-12-21 12:20:08.444root 11241100x8000000000000000651822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9071e299c91b5a422021-12-21 12:20:08.444root 11241100x8000000000000000651823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c897008bf81906f12021-12-21 12:20:08.444root 11241100x8000000000000000651824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5cd619796660fe2021-12-21 12:20:08.444root 11241100x8000000000000000651825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2523513ff8c8cc4e2021-12-21 12:20:08.444root 11241100x8000000000000000651826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37561abf0e7c27ca2021-12-21 12:20:08.444root 11241100x8000000000000000651827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cb9354c6e018c02021-12-21 12:20:08.444root 154100x8000000000000000651828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.621{ec2b6afe-c678-61c1-68c4-67d163550000}10075/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000651829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.631{ec2b6afe-c678-61c1-68c4-67d163550000}10075/bin/psroot 11241100x8000000000000000651830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8886c3998f451c2021-12-21 12:20:08.943root 11241100x8000000000000000651831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299e42519cd4b8932021-12-21 12:20:08.943root 11241100x8000000000000000651832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa71e605b5c055462021-12-21 12:20:08.943root 11241100x8000000000000000651833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1eed33aea422282021-12-21 12:20:08.944root 11241100x8000000000000000651834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b480de58c1b3272021-12-21 12:20:08.944root 11241100x8000000000000000651835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d63502b5fb12c0d2021-12-21 12:20:08.944root 11241100x8000000000000000651836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe110f3ffc76bf32021-12-21 12:20:08.944root 11241100x8000000000000000651837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae5ac1ce95d4f392021-12-21 12:20:08.944root 11241100x8000000000000000651838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c85ccd40fe76742021-12-21 12:20:08.945root 11241100x8000000000000000651839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83111a8e287752eb2021-12-21 12:20:08.945root 11241100x8000000000000000651840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2747d7e7e062c12021-12-21 12:20:08.945root 11241100x8000000000000000651841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71fa33b79449e3e2021-12-21 12:20:08.945root 11241100x8000000000000000651842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97a6a548851ec752021-12-21 12:20:08.945root 11241100x8000000000000000651843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229204b44aa4fa8f2021-12-21 12:20:08.945root 11241100x8000000000000000651844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea430b659a152862021-12-21 12:20:08.945root 23542300x8000000000000000651845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.145{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x8000000000000000651846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.218{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49838-false10.0.1.12-8000- 11241100x8000000000000000651847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d22cfbf199a7132021-12-21 12:20:09.219root 11241100x8000000000000000651848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41745146bb708362021-12-21 12:20:09.219root 11241100x8000000000000000651849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca5e1aa16e0ce282021-12-21 12:20:09.219root 11241100x8000000000000000651850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c0e8bb805c82f02021-12-21 12:20:09.219root 11241100x8000000000000000651851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6b092bbd1978b72021-12-21 12:20:09.220root 11241100x8000000000000000651852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62f3a4a1792ec0c2021-12-21 12:20:09.220root 11241100x8000000000000000651853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177dcdb1de642c582021-12-21 12:20:09.220root 11241100x8000000000000000651854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a04d334079f8ae2021-12-21 12:20:09.220root 11241100x8000000000000000651855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5780c03d519ab052021-12-21 12:20:09.220root 11241100x8000000000000000651856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5453711137e21c82021-12-21 12:20:09.220root 11241100x8000000000000000651857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c594333cf4f5ef82021-12-21 12:20:09.220root 11241100x8000000000000000651858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa170185bfe649072021-12-21 12:20:09.220root 11241100x8000000000000000651859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49604495636a9a312021-12-21 12:20:09.221root 11241100x8000000000000000651860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b433b6eaa09ba32021-12-21 12:20:09.221root 11241100x8000000000000000651861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745cc358f22c68962021-12-21 12:20:09.221root 11241100x8000000000000000651862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdf0af2e6f0ae672021-12-21 12:20:09.221root 11241100x8000000000000000651863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f00fb063f59a3c12021-12-21 12:20:09.221root 11241100x8000000000000000651864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d9f1c711c4548a2021-12-21 12:20:09.693root 11241100x8000000000000000651865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1a5635d8d8d7a22021-12-21 12:20:09.693root 11241100x8000000000000000651866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a318628585c7e3e2021-12-21 12:20:09.693root 11241100x8000000000000000651867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535432cfca602dce2021-12-21 12:20:09.693root 11241100x8000000000000000651868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4af685c69a500952021-12-21 12:20:09.693root 11241100x8000000000000000651869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec4382fd748c4772021-12-21 12:20:09.694root 11241100x8000000000000000651870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69accfa7972f221e2021-12-21 12:20:09.694root 11241100x8000000000000000651871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414b5aac17948bac2021-12-21 12:20:09.694root 11241100x8000000000000000651872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb765577eac465e82021-12-21 12:20:09.694root 11241100x8000000000000000651873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a578db8f87765b372021-12-21 12:20:09.694root 11241100x8000000000000000651874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6af51c6b0cbbc592021-12-21 12:20:09.694root 11241100x8000000000000000651875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70adacfa686ab6242021-12-21 12:20:09.694root 11241100x8000000000000000651876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc930810b2145d32021-12-21 12:20:09.694root 11241100x8000000000000000651877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199e94a4285a66ae2021-12-21 12:20:09.694root 11241100x8000000000000000651878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85c286bdc43b03f2021-12-21 12:20:09.694root 11241100x8000000000000000651879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cd5020376545602021-12-21 12:20:09.695root 11241100x8000000000000000651880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946338ba46b07fdc2021-12-21 12:20:09.695root 11241100x8000000000000000651881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c992951051f23aca2021-12-21 12:20:10.193root 11241100x8000000000000000651882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec275eb506032a872021-12-21 12:20:10.193root 11241100x8000000000000000651883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9625f60c5de2ec7f2021-12-21 12:20:10.193root 11241100x8000000000000000651884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902b7dc8876c933a2021-12-21 12:20:10.193root 11241100x8000000000000000651885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bd3bdac18da0e72021-12-21 12:20:10.193root 11241100x8000000000000000651886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee2cba2d2f5b7282021-12-21 12:20:10.193root 11241100x8000000000000000651887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f077c678ccde3b2021-12-21 12:20:10.194root 11241100x8000000000000000651888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae4ec1f331dafe12021-12-21 12:20:10.194root 11241100x8000000000000000651889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb451bc891ae43a2021-12-21 12:20:10.194root 11241100x8000000000000000651890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35774a9015342c992021-12-21 12:20:10.194root 11241100x8000000000000000651891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c24720407f4e7732021-12-21 12:20:10.194root 11241100x8000000000000000651892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31a268dc8d2feea2021-12-21 12:20:10.194root 11241100x8000000000000000651893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9ae78a9f831f382021-12-21 12:20:10.194root 11241100x8000000000000000651894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec233bb7aea0b66b2021-12-21 12:20:10.194root 11241100x8000000000000000651895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67686d4ad8efa0952021-12-21 12:20:10.194root 11241100x8000000000000000651896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf5d428459c5de12021-12-21 12:20:10.194root 11241100x8000000000000000651897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eda86752bff13b82021-12-21 12:20:10.194root 11241100x8000000000000000651898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d7fc7906a865902021-12-21 12:20:10.693root 11241100x8000000000000000651899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcec6d928c87ead2021-12-21 12:20:10.693root 11241100x8000000000000000651900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a78dab23c1208a62021-12-21 12:20:10.693root 11241100x8000000000000000651901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d736542b9ab2ca2021-12-21 12:20:10.693root 11241100x8000000000000000651902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8758a53262781cee2021-12-21 12:20:10.693root 11241100x8000000000000000651903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ee694447f81b5b2021-12-21 12:20:10.694root 11241100x8000000000000000651904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6850caa7b7881272021-12-21 12:20:10.694root 11241100x8000000000000000651905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e1894431e629aa2021-12-21 12:20:10.694root 11241100x8000000000000000651906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f18abc19bc7bfce2021-12-21 12:20:10.694root 11241100x8000000000000000651907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0720cdf7dc3899b22021-12-21 12:20:10.694root 11241100x8000000000000000651908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff45cad2c688a0ff2021-12-21 12:20:10.694root 11241100x8000000000000000651909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc061ed5a39c33e2021-12-21 12:20:10.694root 11241100x8000000000000000651910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2932d42d15ea264d2021-12-21 12:20:10.694root 11241100x8000000000000000651911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6aa20e9f8dd53ed2021-12-21 12:20:10.694root 11241100x8000000000000000651912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e0329f7e4eb3882021-12-21 12:20:10.694root 11241100x8000000000000000651913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009e854e260c91432021-12-21 12:20:10.694root 11241100x8000000000000000651914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89027c8086319ea52021-12-21 12:20:10.694root 11241100x8000000000000000651915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d5d4e97835859f2021-12-21 12:20:11.193root 11241100x8000000000000000651916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e63747f74773302021-12-21 12:20:11.193root 11241100x8000000000000000651917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0682d74746ec46702021-12-21 12:20:11.193root 11241100x8000000000000000651918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b870fd74cf2ef29b2021-12-21 12:20:11.193root 11241100x8000000000000000651919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8467147112efa12021-12-21 12:20:11.194root 11241100x8000000000000000651920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4961a003c68f99c12021-12-21 12:20:11.194root 11241100x8000000000000000651921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262985a82e0d92702021-12-21 12:20:11.194root 11241100x8000000000000000651922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc128841b478313b2021-12-21 12:20:11.194root 11241100x8000000000000000651923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e5bd362821808b2021-12-21 12:20:11.194root 11241100x8000000000000000651924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae05e58cfce5b2162021-12-21 12:20:11.194root 11241100x8000000000000000651925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096293508a60144e2021-12-21 12:20:11.194root 11241100x8000000000000000651926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189fdc2a50fb1ff02021-12-21 12:20:11.194root 11241100x8000000000000000651927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26264ed3c20f3e42021-12-21 12:20:11.194root 11241100x8000000000000000651928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739d2fddc79584252021-12-21 12:20:11.194root 11241100x8000000000000000651929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623553ad4314efa32021-12-21 12:20:11.194root 11241100x8000000000000000651930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b17d93713a1a51b2021-12-21 12:20:11.194root 11241100x8000000000000000651931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1177fa0f34a9bf842021-12-21 12:20:11.194root 11241100x8000000000000000651932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e421e1a6a007eb62021-12-21 12:20:11.693root 11241100x8000000000000000651933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463d988db424184c2021-12-21 12:20:11.693root 11241100x8000000000000000651934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe0c79d362c99972021-12-21 12:20:11.693root 11241100x8000000000000000651935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dc11db7d863a9b2021-12-21 12:20:11.693root 11241100x8000000000000000651936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb27786a984dac72021-12-21 12:20:11.693root 11241100x8000000000000000651937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de0933d063de9982021-12-21 12:20:11.694root 11241100x8000000000000000651938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd97325dca1d60782021-12-21 12:20:11.694root 11241100x8000000000000000651939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240f27f9e2e647912021-12-21 12:20:11.694root 11241100x8000000000000000651940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a208413ec96d162021-12-21 12:20:11.694root 11241100x8000000000000000651941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb418afa2e008c72021-12-21 12:20:11.694root 11241100x8000000000000000651942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737a89e557ed042e2021-12-21 12:20:11.694root 11241100x8000000000000000651943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ac288b694d9fdc2021-12-21 12:20:11.694root 11241100x8000000000000000651944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac04989019f80912021-12-21 12:20:11.694root 11241100x8000000000000000651945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9189af9779ca34b02021-12-21 12:20:11.694root 11241100x8000000000000000651946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf91ff3a8c22d7652021-12-21 12:20:11.694root 11241100x8000000000000000651947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dde7263f273a2a12021-12-21 12:20:11.694root 11241100x8000000000000000651948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb403a46556eae32021-12-21 12:20:11.694root 11241100x8000000000000000651949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ffa2f15f29b32e2021-12-21 12:20:12.193root 11241100x8000000000000000651950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d119950e23501fc72021-12-21 12:20:12.193root 11241100x8000000000000000651951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2001496906ff55b12021-12-21 12:20:12.193root 11241100x8000000000000000651952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcb590c562366402021-12-21 12:20:12.193root 11241100x8000000000000000651953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ed3a7e6a7a85012021-12-21 12:20:12.193root 11241100x8000000000000000651954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47669ab062a981252021-12-21 12:20:12.193root 11241100x8000000000000000651955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdbde933c8faf9f2021-12-21 12:20:12.193root 11241100x8000000000000000651956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb66a8aa2b8f12772021-12-21 12:20:12.194root 11241100x8000000000000000651957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bd6c89574a009a2021-12-21 12:20:12.194root 11241100x8000000000000000651958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53125e807232318d2021-12-21 12:20:12.194root 11241100x8000000000000000651959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1bbb13877f38e52021-12-21 12:20:12.194root 11241100x8000000000000000651960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be3d7e9544423162021-12-21 12:20:12.194root 11241100x8000000000000000651961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de3c8de23e28c882021-12-21 12:20:12.194root 11241100x8000000000000000651962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2ea4635c3c4db62021-12-21 12:20:12.194root 11241100x8000000000000000651963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd42e42e2a9251ab2021-12-21 12:20:12.194root 11241100x8000000000000000651964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacd37b6a172dc592021-12-21 12:20:12.194root 11241100x8000000000000000651965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d843575297e184b2021-12-21 12:20:12.195root 11241100x8000000000000000651966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8235f57e963a211b2021-12-21 12:20:12.693root 11241100x8000000000000000651967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263c7c0ef5b06e262021-12-21 12:20:12.693root 11241100x8000000000000000651968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f022909411b03fe82021-12-21 12:20:12.694root 11241100x8000000000000000651969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f9685b08ea30d92021-12-21 12:20:12.694root 11241100x8000000000000000651970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630cfa5774f5d3982021-12-21 12:20:12.694root 11241100x8000000000000000651971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95700245375a86442021-12-21 12:20:12.694root 11241100x8000000000000000651972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0631b647791786572021-12-21 12:20:12.694root 11241100x8000000000000000651973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1daeaa09c1e0602021-12-21 12:20:12.695root 11241100x8000000000000000651974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b34f53c7a8da112021-12-21 12:20:12.695root 11241100x8000000000000000651975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043e15859f321a392021-12-21 12:20:12.695root 11241100x8000000000000000651976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b2c0c2eb027d8c2021-12-21 12:20:12.695root 11241100x8000000000000000651977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97cacfb9e68d2212021-12-21 12:20:12.695root 11241100x8000000000000000651978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b363f8e52d2f780e2021-12-21 12:20:12.695root 11241100x8000000000000000651979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c604b42bf18ae1192021-12-21 12:20:12.695root 11241100x8000000000000000651980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abfbc757451f34e2021-12-21 12:20:12.695root 11241100x8000000000000000651981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3deceb2030a3322021-12-21 12:20:12.696root 11241100x8000000000000000651982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7eb0996a7736512021-12-21 12:20:12.696root 11241100x8000000000000000651983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c019b87803dee4ba2021-12-21 12:20:13.193root 11241100x8000000000000000651984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80b5b0ceba1ae182021-12-21 12:20:13.193root 11241100x8000000000000000651985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b811a0e48dec28b82021-12-21 12:20:13.193root 11241100x8000000000000000651986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec0fc87a1c90e3e2021-12-21 12:20:13.193root 11241100x8000000000000000651987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcd1880d61f25bb2021-12-21 12:20:13.194root 11241100x8000000000000000651988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff9e23a1aa1e0732021-12-21 12:20:13.194root 11241100x8000000000000000651989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a79f02cec3c1ee2021-12-21 12:20:13.194root 11241100x8000000000000000651990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c132f6dd2754ffe82021-12-21 12:20:13.194root 11241100x8000000000000000651991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1bb67c81ac1daf2021-12-21 12:20:13.194root 11241100x8000000000000000651992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ee377f5c4cc9092021-12-21 12:20:13.194root 11241100x8000000000000000651993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c9203a3259597b2021-12-21 12:20:13.194root 11241100x8000000000000000651994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d67f8fc759066772021-12-21 12:20:13.194root 11241100x8000000000000000651995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1e0ee0a1c2d0ec2021-12-21 12:20:13.194root 11241100x8000000000000000651996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b885a9d6ac8107362021-12-21 12:20:13.194root 11241100x8000000000000000651997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65224ea3a8b118ac2021-12-21 12:20:13.194root 11241100x8000000000000000651998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0374384ce55cbd022021-12-21 12:20:13.195root 11241100x8000000000000000651999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bb89a5a43532832021-12-21 12:20:13.195root 11241100x8000000000000000652000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea1def8d5723d162021-12-21 12:20:13.693root 11241100x8000000000000000652001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862fada08a4a33a32021-12-21 12:20:13.693root 11241100x8000000000000000652002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e406cb2f46b787df2021-12-21 12:20:13.693root 11241100x8000000000000000652003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84eaa5cd1e9a19ef2021-12-21 12:20:13.693root 11241100x8000000000000000652004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b16566ac9933132021-12-21 12:20:13.694root 11241100x8000000000000000652005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5be2ca2f21c54832021-12-21 12:20:13.694root 11241100x8000000000000000652006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09ac570030302b82021-12-21 12:20:13.694root 11241100x8000000000000000652007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f71ccb1ad2ac1762021-12-21 12:20:13.694root 11241100x8000000000000000652008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612f3fa56005cab72021-12-21 12:20:13.694root 11241100x8000000000000000652009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4c4a4cae93bc992021-12-21 12:20:13.694root 11241100x8000000000000000652010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e758c98a076dfd0d2021-12-21 12:20:13.694root 11241100x8000000000000000652011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a6caf4efd56ff02021-12-21 12:20:13.694root 11241100x8000000000000000652012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc84434314f239302021-12-21 12:20:13.694root 11241100x8000000000000000652013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19040dad9091ac942021-12-21 12:20:13.695root 11241100x8000000000000000652014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676ba0aab69e98512021-12-21 12:20:13.695root 11241100x8000000000000000652015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fa3a91026845a32021-12-21 12:20:13.695root 11241100x8000000000000000652016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8105a778c30b26dc2021-12-21 12:20:13.695root 11241100x8000000000000000652017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87c8f395e72744f2021-12-21 12:20:14.193root 11241100x8000000000000000652018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d154888001b78172021-12-21 12:20:14.193root 11241100x8000000000000000652019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c94116c224591a52021-12-21 12:20:14.193root 11241100x8000000000000000652020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1affce7af5e30192021-12-21 12:20:14.193root 11241100x8000000000000000652021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5419b5d6edb7132021-12-21 12:20:14.194root 11241100x8000000000000000652022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c932969a2657202021-12-21 12:20:14.194root 11241100x8000000000000000652023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e882b753f57c772021-12-21 12:20:14.194root 11241100x8000000000000000652024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0a00fa21a87a3c2021-12-21 12:20:14.194root 11241100x8000000000000000652025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3b9dfc9dd074c82021-12-21 12:20:14.194root 11241100x8000000000000000652026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc59b09de99684c2021-12-21 12:20:14.194root 11241100x8000000000000000652027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97ce6b49593a92f2021-12-21 12:20:14.194root 11241100x8000000000000000652028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6db28da40fabd392021-12-21 12:20:14.194root 11241100x8000000000000000652029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c96e4a5ac131352021-12-21 12:20:14.194root 11241100x8000000000000000652030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57953f0c999ca73b2021-12-21 12:20:14.195root 11241100x8000000000000000652031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f62a0998980e2f2021-12-21 12:20:14.195root 11241100x8000000000000000652032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3a5b5669b4b58f2021-12-21 12:20:14.195root 11241100x8000000000000000652033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8057b4b4564b6f992021-12-21 12:20:14.195root 11241100x8000000000000000652034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24a4a606239b4522021-12-21 12:20:14.693root 11241100x8000000000000000652035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dc9a5fcccad2a22021-12-21 12:20:14.693root 11241100x8000000000000000652036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa8bab0efddb8ea2021-12-21 12:20:14.693root 11241100x8000000000000000652037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d39c69234e4ac652021-12-21 12:20:14.693root 11241100x8000000000000000652038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46604803813056442021-12-21 12:20:14.693root 11241100x8000000000000000652039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438d7cd571e8b1f52021-12-21 12:20:14.694root 11241100x8000000000000000652040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c324fe39cb2cd9a2021-12-21 12:20:14.694root 11241100x8000000000000000652041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528e75eda69e0ea72021-12-21 12:20:14.694root 11241100x8000000000000000652042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abec2d9f8ca673a02021-12-21 12:20:14.694root 11241100x8000000000000000652043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8642583dbdb95182021-12-21 12:20:14.694root 11241100x8000000000000000652044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2e4ebf51e1f4d32021-12-21 12:20:14.694root 11241100x8000000000000000652045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1450e2b3c13ee02c2021-12-21 12:20:14.694root 11241100x8000000000000000652046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28406f8ba50902ce2021-12-21 12:20:14.694root 11241100x8000000000000000652047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf8d643c860ee6c2021-12-21 12:20:14.694root 11241100x8000000000000000652048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48665fb4ec25beb62021-12-21 12:20:14.694root 11241100x8000000000000000652049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d5b6cf74d543c42021-12-21 12:20:14.695root 11241100x8000000000000000652050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fea8dc0c5c0eca2021-12-21 12:20:14.695root 354300x8000000000000000652051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.079{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49840-false10.0.1.12-8000- 11241100x8000000000000000652052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b3efccb2594e0c2021-12-21 12:20:15.080root 11241100x8000000000000000652053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f106ef54314d3a92021-12-21 12:20:15.080root 11241100x8000000000000000652054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4befde7c2cb5045f2021-12-21 12:20:15.080root 11241100x8000000000000000652055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8c4c3c094b61802021-12-21 12:20:15.080root 11241100x8000000000000000652056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba18ee0f38572df52021-12-21 12:20:15.080root 11241100x8000000000000000652057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30426530dd4599102021-12-21 12:20:15.080root 11241100x8000000000000000652058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ebc558f62f8afc2021-12-21 12:20:15.080root 11241100x8000000000000000652059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb051a826797bcd2021-12-21 12:20:15.080root 11241100x8000000000000000652060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251176eb50c75ed02021-12-21 12:20:15.080root 11241100x8000000000000000652061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a69a6248a16fd242021-12-21 12:20:15.080root 11241100x8000000000000000652062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce291392ef54b9bd2021-12-21 12:20:15.080root 11241100x8000000000000000652063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b97a6290d466d12021-12-21 12:20:15.080root 11241100x8000000000000000652064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87aa4b26e9368b12021-12-21 12:20:15.080root 11241100x8000000000000000652065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994325f08d03dace2021-12-21 12:20:15.080root 11241100x8000000000000000652066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3380d601706ddf42021-12-21 12:20:15.081root 11241100x8000000000000000652067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716fbfc29867e6f32021-12-21 12:20:15.081root 11241100x8000000000000000652068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654d3468acf435552021-12-21 12:20:15.081root 11241100x8000000000000000652069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2e1835389d6aa82021-12-21 12:20:15.081root 11241100x8000000000000000652070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7f6ddbac41f34a2021-12-21 12:20:15.081root 11241100x8000000000000000652071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f169fac3ed3750582021-12-21 12:20:15.081root 11241100x8000000000000000652072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05addc1c1cf4b1912021-12-21 12:20:15.081root 11241100x8000000000000000652073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8599391d0c8d91f82021-12-21 12:20:15.081root 11241100x8000000000000000652074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e27d0a2231162fe2021-12-21 12:20:15.081root 11241100x8000000000000000652075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e5d746827accc42021-12-21 12:20:15.081root 11241100x8000000000000000652076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e433ac77f9da4d932021-12-21 12:20:15.081root 11241100x8000000000000000652077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a2b3e765bdd28f2021-12-21 12:20:15.081root 11241100x8000000000000000652078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8313e88f40603f632021-12-21 12:20:15.082root 11241100x8000000000000000652079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3289cfabc06849c12021-12-21 12:20:15.082root 11241100x8000000000000000652080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ebf4af658dda802021-12-21 12:20:15.082root 11241100x8000000000000000652081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fede3e2d2a1daee82021-12-21 12:20:15.082root 11241100x8000000000000000652082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9af2846eb13f182021-12-21 12:20:15.082root 11241100x8000000000000000652083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2dbee2e08f10392021-12-21 12:20:15.082root 11241100x8000000000000000652084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0424390d55e62f722021-12-21 12:20:15.082root 11241100x8000000000000000652085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8514847a21cc6b012021-12-21 12:20:15.083root 11241100x8000000000000000652086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44aa32a52202e3622021-12-21 12:20:15.083root 11241100x8000000000000000652087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5993ef8a12e455462021-12-21 12:20:15.083root 11241100x8000000000000000652088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c214e5dcb0f89a22021-12-21 12:20:15.083root 11241100x8000000000000000652089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81323fda0bf90952021-12-21 12:20:15.083root 11241100x8000000000000000652090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a678e9a1faff44b2021-12-21 12:20:15.083root 11241100x8000000000000000652091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb26a8a21b793ab2021-12-21 12:20:15.083root 11241100x8000000000000000652092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c21eff16aa9f862021-12-21 12:20:15.443root 11241100x8000000000000000652093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1a738c37dbeeef2021-12-21 12:20:15.443root 11241100x8000000000000000652094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dda6e0b47898e02021-12-21 12:20:15.443root 11241100x8000000000000000652095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4413df068799742021-12-21 12:20:15.443root 11241100x8000000000000000652096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c164e9bcd2f8a42021-12-21 12:20:15.444root 11241100x8000000000000000652097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fff190b0f88b9a2021-12-21 12:20:15.444root 11241100x8000000000000000652098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83acee768a238f52021-12-21 12:20:15.444root 11241100x8000000000000000652099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94388736341c81b2021-12-21 12:20:15.444root 11241100x8000000000000000652100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd54ed563ce5559a2021-12-21 12:20:15.444root 11241100x8000000000000000652101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f685ecabd3e1c8732021-12-21 12:20:15.444root 11241100x8000000000000000652102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb3fe61647ec6af2021-12-21 12:20:15.444root 11241100x8000000000000000652103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e04e9fc78c28402021-12-21 12:20:15.444root 11241100x8000000000000000652104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88cd2a1420ab1122021-12-21 12:20:15.444root 11241100x8000000000000000652105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3118bbf6135f435f2021-12-21 12:20:15.444root 11241100x8000000000000000652106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca8612d0ffeb9582021-12-21 12:20:15.444root 11241100x8000000000000000652107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818bd1920c7fceb82021-12-21 12:20:15.444root 11241100x8000000000000000652108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139abe05c588484d2021-12-21 12:20:15.444root 11241100x8000000000000000652109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b44da2270a4b0d2021-12-21 12:20:15.444root 11241100x8000000000000000652110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99aab1f3ad0892c52021-12-21 12:20:15.943root 11241100x8000000000000000652111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564ee2cc75cd4e032021-12-21 12:20:15.943root 11241100x8000000000000000652112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794f258d4060b1ef2021-12-21 12:20:15.944root 11241100x8000000000000000652113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58bda28b41a4d812021-12-21 12:20:15.944root 11241100x8000000000000000652114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7fd6d39f23ff592021-12-21 12:20:15.944root 11241100x8000000000000000652115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0502f7283964481e2021-12-21 12:20:15.944root 11241100x8000000000000000652116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8ca24391c425052021-12-21 12:20:15.944root 11241100x8000000000000000652117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d3605ae1b29c222021-12-21 12:20:15.944root 11241100x8000000000000000652118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbf6c276958223a2021-12-21 12:20:15.945root 11241100x8000000000000000652119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dad86d0cdfa7a52021-12-21 12:20:15.945root 11241100x8000000000000000652120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea48f43ed1850a02021-12-21 12:20:15.945root 11241100x8000000000000000652121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2535170ae09e31092021-12-21 12:20:15.946root 11241100x8000000000000000652122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556335d629a771be2021-12-21 12:20:15.946root 11241100x8000000000000000652123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a58c546c13f5e9e2021-12-21 12:20:15.946root 11241100x8000000000000000652124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22522ab452e510522021-12-21 12:20:15.946root 11241100x8000000000000000652125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0faf77c2d704a12021-12-21 12:20:15.947root 11241100x8000000000000000652126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab56615ce8e2f6b92021-12-21 12:20:15.947root 11241100x8000000000000000652127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0181f39a2dd61ab42021-12-21 12:20:15.947root 11241100x8000000000000000652128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618a401b8fd44a892021-12-21 12:20:16.443root 11241100x8000000000000000652129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba6fc0e8953914f2021-12-21 12:20:16.444root 11241100x8000000000000000652130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d95cf99e72312cf2021-12-21 12:20:16.444root 11241100x8000000000000000652131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4d0e10208e9c942021-12-21 12:20:16.444root 11241100x8000000000000000652132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaf814c0ffe42f32021-12-21 12:20:16.445root 11241100x8000000000000000652133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e086fb0de5eaee12021-12-21 12:20:16.445root 11241100x8000000000000000652134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5836c91727a258852021-12-21 12:20:16.445root 11241100x8000000000000000652135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12554b99a4ed7d92021-12-21 12:20:16.445root 11241100x8000000000000000652136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b325e8051b634a0d2021-12-21 12:20:16.446root 11241100x8000000000000000652137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118ec8c241682d102021-12-21 12:20:16.446root 11241100x8000000000000000652138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2048dc9c9095b8e02021-12-21 12:20:16.446root 11241100x8000000000000000652139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb351828163a0b42021-12-21 12:20:16.446root 11241100x8000000000000000652140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe6bef2b7f9aec32021-12-21 12:20:16.446root 11241100x8000000000000000652141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460b396e8c37c2ee2021-12-21 12:20:16.446root 11241100x8000000000000000652142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5a56b395b6946f2021-12-21 12:20:16.447root 11241100x8000000000000000652143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bfef373e7c45d82021-12-21 12:20:16.447root 11241100x8000000000000000652144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28a1dbc928f2bf32021-12-21 12:20:16.447root 11241100x8000000000000000652145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf72742bfcd266a2021-12-21 12:20:16.447root 11241100x8000000000000000652146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628cae27a6ca04b32021-12-21 12:20:16.943root 11241100x8000000000000000652147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cb24acdf1dc8ec2021-12-21 12:20:16.943root 11241100x8000000000000000652148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902a5b5564d48db22021-12-21 12:20:16.943root 11241100x8000000000000000652149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1de1fe2cce35e02021-12-21 12:20:16.943root 11241100x8000000000000000652150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52e533025376a442021-12-21 12:20:16.944root 11241100x8000000000000000652151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f07940239cde1f2021-12-21 12:20:16.944root 11241100x8000000000000000652152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c820985c923e08a52021-12-21 12:20:16.944root 11241100x8000000000000000652153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72b6331ecd175282021-12-21 12:20:16.944root 11241100x8000000000000000652154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a1ca9dce7192d22021-12-21 12:20:16.944root 11241100x8000000000000000652155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a5ab46d107b4022021-12-21 12:20:16.944root 11241100x8000000000000000652156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958890ad6e5fdfad2021-12-21 12:20:16.944root 11241100x8000000000000000652157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d64dff1ab1e27192021-12-21 12:20:16.945root 11241100x8000000000000000652158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81c0a448dd0d2892021-12-21 12:20:16.945root 11241100x8000000000000000652159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472d3888836b175a2021-12-21 12:20:16.945root 11241100x8000000000000000652160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c05ec1f4913a05d2021-12-21 12:20:16.945root 11241100x8000000000000000652161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e022c83fd891f7b2021-12-21 12:20:16.946root 11241100x8000000000000000652162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8e45360bd45fe82021-12-21 12:20:16.946root 11241100x8000000000000000652163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaffd3b0f4ab26e2021-12-21 12:20:16.946root 11241100x8000000000000000652164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfc903a0d2d5ec62021-12-21 12:20:17.443root 11241100x8000000000000000652165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37c09009ffd96bb2021-12-21 12:20:17.443root 11241100x8000000000000000652166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1584d16c0a3c8e2021-12-21 12:20:17.444root 11241100x8000000000000000652167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82f67dcdcd0befb2021-12-21 12:20:17.444root 11241100x8000000000000000652168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa44e061d139f69f2021-12-21 12:20:17.444root 11241100x8000000000000000652169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c72554cd44ce9c2021-12-21 12:20:17.444root 11241100x8000000000000000652170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d012e3f88101cbf82021-12-21 12:20:17.445root 11241100x8000000000000000652171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb31d922e21d5652021-12-21 12:20:17.445root 11241100x8000000000000000652172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f9cd73d3601b412021-12-21 12:20:17.445root 11241100x8000000000000000652173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631e14a2206715a42021-12-21 12:20:17.445root 11241100x8000000000000000652174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85901872e1a90a892021-12-21 12:20:17.445root 11241100x8000000000000000652175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43baa50f7640afb82021-12-21 12:20:17.445root 11241100x8000000000000000652176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bbf794cefbaa022021-12-21 12:20:17.445root 11241100x8000000000000000652177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb77074c2077cab42021-12-21 12:20:17.445root 11241100x8000000000000000652178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebbcac7d28a853b2021-12-21 12:20:17.445root 11241100x8000000000000000652179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f73b7399cd473b52021-12-21 12:20:17.445root 11241100x8000000000000000652180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535654edf28433c82021-12-21 12:20:17.446root 11241100x8000000000000000652181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f2614fb907d02c2021-12-21 12:20:17.446root 11241100x8000000000000000652182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329f2fd95e880e232021-12-21 12:20:17.943root 11241100x8000000000000000652183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd426ffd111a4522021-12-21 12:20:17.943root 11241100x8000000000000000652184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c200c7954c0fccaf2021-12-21 12:20:17.944root 11241100x8000000000000000652185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4507a8c293bb98ea2021-12-21 12:20:17.944root 11241100x8000000000000000652186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e8314f5f7fafbf2021-12-21 12:20:17.944root 11241100x8000000000000000652187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7133a263deba7c2021-12-21 12:20:17.944root 11241100x8000000000000000652188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c78ca8689cdd1d52021-12-21 12:20:17.944root 11241100x8000000000000000652189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d518a761e2f29522021-12-21 12:20:17.944root 11241100x8000000000000000652190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37be0a12abf0ef62021-12-21 12:20:17.945root 11241100x8000000000000000652191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc057be95755bf62021-12-21 12:20:17.945root 11241100x8000000000000000652192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419daa69baf96a182021-12-21 12:20:17.945root 11241100x8000000000000000652193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a303b16eeab41fbb2021-12-21 12:20:17.945root 11241100x8000000000000000652194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5549ac7bd534b4cc2021-12-21 12:20:17.945root 11241100x8000000000000000652195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598f082ec3eae1802021-12-21 12:20:17.945root 11241100x8000000000000000652196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ad89e7a099c9142021-12-21 12:20:17.945root 11241100x8000000000000000652197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d15b34ade3a3702021-12-21 12:20:17.945root 11241100x8000000000000000652198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a43328f2f15cf622021-12-21 12:20:17.946root 11241100x8000000000000000652199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bfc3bcb547dbcc2021-12-21 12:20:17.946root 11241100x8000000000000000652200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aef037c1b21addc2021-12-21 12:20:18.443root 11241100x8000000000000000652201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eadfab9547316c22021-12-21 12:20:18.443root 11241100x8000000000000000652202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1c6777f07bb5f82021-12-21 12:20:18.443root 11241100x8000000000000000652203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79e02768c12c8232021-12-21 12:20:18.443root 11241100x8000000000000000652204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ec4d9227fdf8c72021-12-21 12:20:18.443root 11241100x8000000000000000652205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4dcdb2482ae58e2021-12-21 12:20:18.444root 11241100x8000000000000000652206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd4cc657151f6cd2021-12-21 12:20:18.444root 11241100x8000000000000000652207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62f6e53cb6335862021-12-21 12:20:18.444root 11241100x8000000000000000652208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97b412412f045f22021-12-21 12:20:18.444root 11241100x8000000000000000652209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7193d9274946e6262021-12-21 12:20:18.444root 11241100x8000000000000000652210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de51af13648203ae2021-12-21 12:20:18.444root 11241100x8000000000000000652211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f37c3a5b3155ad42021-12-21 12:20:18.444root 11241100x8000000000000000652212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b229511b87f0c2a2021-12-21 12:20:18.444root 11241100x8000000000000000652213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6773ad59c52418452021-12-21 12:20:18.444root 11241100x8000000000000000652214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa1ac173d1b4ec62021-12-21 12:20:18.444root 11241100x8000000000000000652215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d0d1ca5c540def2021-12-21 12:20:18.444root 11241100x8000000000000000652216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a15dd95338e29942021-12-21 12:20:18.445root 11241100x8000000000000000652217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8188079a170cc42021-12-21 12:20:18.445root 11241100x8000000000000000652218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3021ad68f897d862021-12-21 12:20:18.943root 11241100x8000000000000000652219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506cd7b93fcfe6482021-12-21 12:20:18.943root 11241100x8000000000000000652220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6195ef362fcce7942021-12-21 12:20:18.944root 11241100x8000000000000000652221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e37383bd6682f82021-12-21 12:20:18.944root 11241100x8000000000000000652222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c04b9704d0f19a2021-12-21 12:20:18.944root 11241100x8000000000000000652223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cfa40203cf50f52021-12-21 12:20:18.944root 11241100x8000000000000000652224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8a3be6a6729ad12021-12-21 12:20:18.944root 11241100x8000000000000000652225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289ba44b86ac609f2021-12-21 12:20:18.944root 11241100x8000000000000000652226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc6547fd0ea7ec62021-12-21 12:20:18.944root 11241100x8000000000000000652227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3b0ec0bd659e872021-12-21 12:20:18.945root 11241100x8000000000000000652228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388c7c9c56819b2e2021-12-21 12:20:18.945root 11241100x8000000000000000652229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c15d20dc43a58df2021-12-21 12:20:18.945root 11241100x8000000000000000652230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e6556d6432d4632021-12-21 12:20:18.945root 11241100x8000000000000000652231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37f0ed00a5bece32021-12-21 12:20:18.945root 11241100x8000000000000000652232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c6b133bdb5674a2021-12-21 12:20:18.945root 11241100x8000000000000000652233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49421f5cf8f0789f2021-12-21 12:20:18.945root 11241100x8000000000000000652234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d16361e00a68ef92021-12-21 12:20:18.945root 11241100x8000000000000000652235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714d51ebc83d3da72021-12-21 12:20:18.945root 11241100x8000000000000000652236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1e148a29a8a9102021-12-21 12:20:19.443root 11241100x8000000000000000652237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cafafdea357ad382021-12-21 12:20:19.443root 11241100x8000000000000000652238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0c8eb09ddd7c822021-12-21 12:20:19.444root 11241100x8000000000000000652239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23bd0a1b0656af62021-12-21 12:20:19.444root 11241100x8000000000000000652240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d73ea026da652bf2021-12-21 12:20:19.444root 11241100x8000000000000000652241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bf3324409298a82021-12-21 12:20:19.444root 11241100x8000000000000000652242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e3d17ebe62b4ee2021-12-21 12:20:19.444root 11241100x8000000000000000652243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b74e8ba5e4763c42021-12-21 12:20:19.444root 11241100x8000000000000000652244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12dbecdc1b3c1262021-12-21 12:20:19.444root 11241100x8000000000000000652245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418ac0650200486f2021-12-21 12:20:19.445root 11241100x8000000000000000652246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7fa0d0f7c4967f2021-12-21 12:20:19.445root 11241100x8000000000000000652247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b77593d192c5c112021-12-21 12:20:19.445root 11241100x8000000000000000652248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3fb51db4096ea72021-12-21 12:20:19.445root 11241100x8000000000000000652249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2adca4dbb8533b2021-12-21 12:20:19.445root 11241100x8000000000000000652250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468e5e4d2ad11aa92021-12-21 12:20:19.445root 11241100x8000000000000000652251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741ae45097c38d672021-12-21 12:20:19.446root 11241100x8000000000000000652252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3858eeb7edb8ca62021-12-21 12:20:19.446root 11241100x8000000000000000652253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ea116ea4d2de2b2021-12-21 12:20:19.446root 11241100x8000000000000000652254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c29d1ce22eaa6d2021-12-21 12:20:19.943root 11241100x8000000000000000652255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b8dc2b64ceec382021-12-21 12:20:19.943root 11241100x8000000000000000652256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4742908f8b7c3cce2021-12-21 12:20:19.944root 11241100x8000000000000000652257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94c218c29656a272021-12-21 12:20:19.944root 11241100x8000000000000000652258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce405f03d3d921fc2021-12-21 12:20:19.944root 11241100x8000000000000000652259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b2433d05a845772021-12-21 12:20:19.944root 11241100x8000000000000000652260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1ae9a7d4ac396a2021-12-21 12:20:19.944root 11241100x8000000000000000652261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2077af1bfa01be02021-12-21 12:20:19.944root 11241100x8000000000000000652262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23b6103a6c14cd22021-12-21 12:20:19.944root 11241100x8000000000000000652263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c92ef59c864e1f12021-12-21 12:20:19.944root 11241100x8000000000000000652264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be69943e44aabf4d2021-12-21 12:20:19.944root 11241100x8000000000000000652265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ff2075965db0c82021-12-21 12:20:19.945root 11241100x8000000000000000652266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5881b7a0ed9b232021-12-21 12:20:19.945root 11241100x8000000000000000652267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af9f80f825dd07d2021-12-21 12:20:19.945root 11241100x8000000000000000652268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701ccb81e1779eb62021-12-21 12:20:19.945root 11241100x8000000000000000652269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a256f6f4fd04452021-12-21 12:20:19.945root 11241100x8000000000000000652270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46352bdf65913a2a2021-12-21 12:20:19.945root 11241100x8000000000000000652271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fbfeb42fd289002021-12-21 12:20:19.945root 354300x8000000000000000652272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.095{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49842-false10.0.1.12-8000- 11241100x8000000000000000652273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b8b049c6790cdd2021-12-21 12:20:20.443root 11241100x8000000000000000652274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60f6c224cdcacd52021-12-21 12:20:20.443root 11241100x8000000000000000652275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a06799ec701b9e2021-12-21 12:20:20.443root 11241100x8000000000000000652276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e0bd6ea402683a2021-12-21 12:20:20.443root 11241100x8000000000000000652277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d02b042322e3c062021-12-21 12:20:20.444root 11241100x8000000000000000652278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa9c6a0c517f2872021-12-21 12:20:20.444root 11241100x8000000000000000652279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafdf40be9bac56d2021-12-21 12:20:20.444root 11241100x8000000000000000652280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52525ef8b3f1ba5b2021-12-21 12:20:20.444root 11241100x8000000000000000652281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52e1a4d0a0d1c902021-12-21 12:20:20.444root 11241100x8000000000000000652282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ba1a23666149b72021-12-21 12:20:20.444root 11241100x8000000000000000652283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c62a1808eb25af2021-12-21 12:20:20.444root 11241100x8000000000000000652284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078693e83eec8a2c2021-12-21 12:20:20.444root 11241100x8000000000000000652285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de48714b8c352522021-12-21 12:20:20.444root 11241100x8000000000000000652286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad64591f40915362021-12-21 12:20:20.444root 11241100x8000000000000000652287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4312c41ec20355fd2021-12-21 12:20:20.444root 11241100x8000000000000000652288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5940fb7961bb98212021-12-21 12:20:20.445root 11241100x8000000000000000652289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4641b90774223f12021-12-21 12:20:20.445root 11241100x8000000000000000652290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4375fd2dc9d2b3202021-12-21 12:20:20.445root 11241100x8000000000000000652291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a547a06daa3fd4ab2021-12-21 12:20:20.445root 11241100x8000000000000000652292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecca4f4a48714f5c2021-12-21 12:20:20.943root 11241100x8000000000000000652293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbee51ea07646cb2021-12-21 12:20:20.943root 11241100x8000000000000000652294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01a24986ffd1c282021-12-21 12:20:20.944root 11241100x8000000000000000652295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bed7c158a647ffb2021-12-21 12:20:20.944root 11241100x8000000000000000652296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc55f6226ac638052021-12-21 12:20:20.944root 11241100x8000000000000000652297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee09102e589994f42021-12-21 12:20:20.944root 11241100x8000000000000000652298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e31ec897f757bd2021-12-21 12:20:20.944root 11241100x8000000000000000652299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603f0c5d1ad627972021-12-21 12:20:20.944root 11241100x8000000000000000652300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3227c93f4358b2002021-12-21 12:20:20.944root 11241100x8000000000000000652301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14520d4ad816e59d2021-12-21 12:20:20.944root 11241100x8000000000000000652302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9848045f37e1a9f12021-12-21 12:20:20.944root 11241100x8000000000000000652303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc32912bb401c752021-12-21 12:20:20.944root 11241100x8000000000000000652304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4228767cac9a90c2021-12-21 12:20:20.944root 11241100x8000000000000000652305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd456376c413d0b2021-12-21 12:20:20.944root 11241100x8000000000000000652306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8395effea7e4a3e02021-12-21 12:20:20.945root 11241100x8000000000000000652307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081341993dc6ad442021-12-21 12:20:20.945root 11241100x8000000000000000652308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3df3cac1bf4bf9e2021-12-21 12:20:20.945root 11241100x8000000000000000652309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc78a0bf36e4f012021-12-21 12:20:20.945root 11241100x8000000000000000652310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3775f0cdd355a1832021-12-21 12:20:20.945root 11241100x8000000000000000652311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5876572f750ffc2021-12-21 12:20:21.444root 11241100x8000000000000000652312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8452866e98ac622021-12-21 12:20:21.444root 11241100x8000000000000000652313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79e1b9f987f6b542021-12-21 12:20:21.444root 11241100x8000000000000000652314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d33e615d43209872021-12-21 12:20:21.444root 11241100x8000000000000000652315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7560907411f63f3c2021-12-21 12:20:21.445root 11241100x8000000000000000652316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b0df55eb6301882021-12-21 12:20:21.445root 11241100x8000000000000000652317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e560e4e8dd8481c62021-12-21 12:20:21.445root 11241100x8000000000000000652318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18dd47fb564c3e52021-12-21 12:20:21.445root 11241100x8000000000000000652319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ca5758a368821d2021-12-21 12:20:21.445root 11241100x8000000000000000652320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced4e363c2eb4ea82021-12-21 12:20:21.446root 11241100x8000000000000000652321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07b1c32683673272021-12-21 12:20:21.446root 11241100x8000000000000000652322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16bbbafe8fab2922021-12-21 12:20:21.446root 11241100x8000000000000000652323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a23d17d26a0f8f2021-12-21 12:20:21.446root 11241100x8000000000000000652324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c087f9774a3b72c2021-12-21 12:20:21.446root 11241100x8000000000000000652325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742a6e96ac27c8b92021-12-21 12:20:21.446root 11241100x8000000000000000652326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd4c3e0476889452021-12-21 12:20:21.446root 11241100x8000000000000000652327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3793c2fdf90ac92021-12-21 12:20:21.446root 11241100x8000000000000000652328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a964d18884bd832021-12-21 12:20:21.446root 11241100x8000000000000000652329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6881fb0812bcabcf2021-12-21 12:20:21.447root 11241100x8000000000000000652330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1f5b8c7dbc9a552021-12-21 12:20:21.943root 11241100x8000000000000000652331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732062f7e367fc322021-12-21 12:20:21.943root 11241100x8000000000000000652332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4534925c2d3d132021-12-21 12:20:21.944root 11241100x8000000000000000652333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84dbe903246bde42021-12-21 12:20:21.944root 11241100x8000000000000000652334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eb2775aa8855d72021-12-21 12:20:21.944root 11241100x8000000000000000652335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac371d3ab397cc32021-12-21 12:20:21.944root 11241100x8000000000000000652336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae19ea87879144a2021-12-21 12:20:21.944root 11241100x8000000000000000652337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fe0c981964efa52021-12-21 12:20:21.944root 11241100x8000000000000000652338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a3268626c1c14d2021-12-21 12:20:21.944root 11241100x8000000000000000652339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68d7b3797b9f2e12021-12-21 12:20:21.944root 11241100x8000000000000000652340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9155600f7780f82021-12-21 12:20:21.944root 11241100x8000000000000000652341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf789be2506be7642021-12-21 12:20:21.944root 11241100x8000000000000000652342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5217cccb539b3a832021-12-21 12:20:21.945root 11241100x8000000000000000652343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4122e2ce5834f2e42021-12-21 12:20:21.945root 11241100x8000000000000000652344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e81974a9a24c062021-12-21 12:20:21.945root 11241100x8000000000000000652345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd39c21acb86dc812021-12-21 12:20:21.945root 11241100x8000000000000000652346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0227d0381f438192021-12-21 12:20:21.945root 11241100x8000000000000000652347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4d57ebdeef3f682021-12-21 12:20:21.945root 11241100x8000000000000000652348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7df8aae64dc7952021-12-21 12:20:21.945root 11241100x8000000000000000652349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bc0d203d14b8a22021-12-21 12:20:21.945root 11241100x8000000000000000652350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473a1e37be36a9db2021-12-21 12:20:21.946root 11241100x8000000000000000652351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79445b4dca288c0e2021-12-21 12:20:21.946root 11241100x8000000000000000652352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efaf5e9cc6b89022021-12-21 12:20:21.946root 11241100x8000000000000000652353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0284c93bf7b78e222021-12-21 12:20:21.946root 11241100x8000000000000000652354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feecb23b3fc56ef32021-12-21 12:20:22.443root 11241100x8000000000000000652355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47b13aa7219b37c2021-12-21 12:20:22.443root 11241100x8000000000000000652356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e043eaab3b33642021-12-21 12:20:22.443root 11241100x8000000000000000652357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01126c0d7866545c2021-12-21 12:20:22.443root 11241100x8000000000000000652358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1cc67dc688015d2021-12-21 12:20:22.444root 11241100x8000000000000000652359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8e9feb717dff122021-12-21 12:20:22.444root 11241100x8000000000000000652360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d56bba72a2915922021-12-21 12:20:22.444root 11241100x8000000000000000652361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1e841476da2d962021-12-21 12:20:22.444root 11241100x8000000000000000652362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da4923845086b9c2021-12-21 12:20:22.444root 11241100x8000000000000000652363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d146309293efd332021-12-21 12:20:22.444root 11241100x8000000000000000652364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8f44dd807be95c2021-12-21 12:20:22.444root 11241100x8000000000000000652365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a471d894b5afbfe22021-12-21 12:20:22.444root 11241100x8000000000000000652366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5066448c3ed90d82021-12-21 12:20:22.444root 11241100x8000000000000000652367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1493a450d3134aeb2021-12-21 12:20:22.444root 11241100x8000000000000000652368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44d7f7a84ff34512021-12-21 12:20:22.444root 11241100x8000000000000000652369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc436f3e6e6184342021-12-21 12:20:22.444root 11241100x8000000000000000652370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c22d4b3a8b4d252021-12-21 12:20:22.444root 11241100x8000000000000000652371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe91b1e5c7b0d622021-12-21 12:20:22.444root 11241100x8000000000000000652372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b62ace8e0d30fb2021-12-21 12:20:22.444root 11241100x8000000000000000652373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b206bb24433248f2021-12-21 12:20:22.943root 11241100x8000000000000000652374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec4fc485bbe5e3f2021-12-21 12:20:22.943root 11241100x8000000000000000652375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec89a7538058f0a52021-12-21 12:20:22.943root 11241100x8000000000000000652376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892245179a0f33b52021-12-21 12:20:22.944root 11241100x8000000000000000652377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0fdb2cf3ac18962021-12-21 12:20:22.944root 11241100x8000000000000000652378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6c43a6df098e5b2021-12-21 12:20:22.944root 11241100x8000000000000000652379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869e9776d4e4172f2021-12-21 12:20:22.944root 11241100x8000000000000000652380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b8de4e40eaa47d2021-12-21 12:20:22.944root 11241100x8000000000000000652381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27568ec8a9790f72021-12-21 12:20:22.944root 11241100x8000000000000000652382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6229ec77707267ff2021-12-21 12:20:22.944root 11241100x8000000000000000652383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cf69c0a276d8882021-12-21 12:20:22.944root 11241100x8000000000000000652384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2a45d836af1eb52021-12-21 12:20:22.944root 11241100x8000000000000000652385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad06aba28cf0788f2021-12-21 12:20:22.944root 11241100x8000000000000000652386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5f8df2de4c42382021-12-21 12:20:22.944root 11241100x8000000000000000652387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6780e8d89c6508a02021-12-21 12:20:22.944root 11241100x8000000000000000652388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53438819ed3bb5482021-12-21 12:20:22.944root 11241100x8000000000000000652389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c8aed7eae49c992021-12-21 12:20:22.945root 11241100x8000000000000000652390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11632a18732216672021-12-21 12:20:22.945root 11241100x8000000000000000652391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4dc8e5923c46fa82021-12-21 12:20:22.945root 11241100x8000000000000000652392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9916ca1904503062021-12-21 12:20:23.443root 11241100x8000000000000000652393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b41d239d1bb47022021-12-21 12:20:23.443root 11241100x8000000000000000652394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf8f1d85a3d0e0c2021-12-21 12:20:23.444root 11241100x8000000000000000652395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df561794ba3ac5a22021-12-21 12:20:23.444root 11241100x8000000000000000652396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15964e67242578a2021-12-21 12:20:23.444root 11241100x8000000000000000652397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e9d503dbdaa7a22021-12-21 12:20:23.444root 11241100x8000000000000000652398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b7d1529aae85ef2021-12-21 12:20:23.445root 11241100x8000000000000000652399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799158c5d33633f72021-12-21 12:20:23.445root 11241100x8000000000000000652400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f623b5de62e2582021-12-21 12:20:23.445root 11241100x8000000000000000652401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a55dbd5a2e15fbe2021-12-21 12:20:23.445root 11241100x8000000000000000652402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cf90dd636ad69f2021-12-21 12:20:23.445root 11241100x8000000000000000652403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b133869407a27a2021-12-21 12:20:23.445root 11241100x8000000000000000652404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d80768fd16538392021-12-21 12:20:23.446root 11241100x8000000000000000652405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8943c00bb6457aa62021-12-21 12:20:23.446root 11241100x8000000000000000652406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5862e022e6223b2021-12-21 12:20:23.446root 11241100x8000000000000000652407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c020f03cc67d13442021-12-21 12:20:23.446root 11241100x8000000000000000652408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a947107afe208dd42021-12-21 12:20:23.446root 11241100x8000000000000000652409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00bdcedc993f1192021-12-21 12:20:23.446root 11241100x8000000000000000652410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46923f848d6595882021-12-21 12:20:23.447root 11241100x8000000000000000652411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b220ced68b29c0bd2021-12-21 12:20:23.943root 11241100x8000000000000000652412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bc993cd977869c2021-12-21 12:20:23.943root 11241100x8000000000000000652413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fddbfc981618462021-12-21 12:20:23.943root 11241100x8000000000000000652414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7494175f68459572021-12-21 12:20:23.943root 11241100x8000000000000000652415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1934d9f566f96b32021-12-21 12:20:23.944root 11241100x8000000000000000652416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd9126f63dd24902021-12-21 12:20:23.944root 11241100x8000000000000000652417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d0b820e06e1cc62021-12-21 12:20:23.944root 11241100x8000000000000000652418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea2296d19b1b34e2021-12-21 12:20:23.944root 11241100x8000000000000000652419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232ca7e06b88bbc42021-12-21 12:20:23.944root 11241100x8000000000000000652420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1972f35b152390732021-12-21 12:20:23.944root 11241100x8000000000000000652421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fefcc432a5dd1d42021-12-21 12:20:23.944root 11241100x8000000000000000652422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b54c4479c416032021-12-21 12:20:23.944root 11241100x8000000000000000652423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3cbd965c736e5a2021-12-21 12:20:23.944root 11241100x8000000000000000652424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dffe57af04dea92021-12-21 12:20:23.944root 11241100x8000000000000000652425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c562a5c62b7bd8822021-12-21 12:20:23.944root 11241100x8000000000000000652426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56924ac0051b54092021-12-21 12:20:23.944root 11241100x8000000000000000652427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8a69657c9b40c62021-12-21 12:20:23.944root 11241100x8000000000000000652428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ab56084237c6fb2021-12-21 12:20:23.944root 11241100x8000000000000000652429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6b7334cc4843662021-12-21 12:20:23.944root 11241100x8000000000000000652430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6aa1d02269b0fc2021-12-21 12:20:24.443root 11241100x8000000000000000652431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7d2eee833c19b12021-12-21 12:20:24.443root 11241100x8000000000000000652432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e196b7166bbff12021-12-21 12:20:24.443root 11241100x8000000000000000652433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7aaa731b81c0be62021-12-21 12:20:24.443root 11241100x8000000000000000652434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f6b07ea2df7be52021-12-21 12:20:24.444root 11241100x8000000000000000652435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84997be319cc90b2021-12-21 12:20:24.444root 11241100x8000000000000000652436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1181c07307b316762021-12-21 12:20:24.444root 11241100x8000000000000000652437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f005646776f5f62021-12-21 12:20:24.444root 11241100x8000000000000000652438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ed1faaff8d38f82021-12-21 12:20:24.444root 11241100x8000000000000000652439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5052cc1ddabbc3912021-12-21 12:20:24.444root 11241100x8000000000000000652440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dd03171c1d988a2021-12-21 12:20:24.444root 11241100x8000000000000000652441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab49de18ad5ad27a2021-12-21 12:20:24.444root 11241100x8000000000000000652442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6348d4021a47c7c22021-12-21 12:20:24.444root 11241100x8000000000000000652443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af2797cc8619ff52021-12-21 12:20:24.444root 11241100x8000000000000000652444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbfa6865ec350c12021-12-21 12:20:24.444root 11241100x8000000000000000652445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54ce59f8a0c6e7d2021-12-21 12:20:24.444root 11241100x8000000000000000652446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525f7af9cfd608992021-12-21 12:20:24.445root 11241100x8000000000000000652447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8902b23fef8f7162021-12-21 12:20:24.445root 11241100x8000000000000000652448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf67699e14a9eea2021-12-21 12:20:24.445root 11241100x8000000000000000652449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941c1b2992a838f32021-12-21 12:20:24.943root 11241100x8000000000000000652450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a824695862fa90672021-12-21 12:20:24.943root 11241100x8000000000000000652451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303352a6bd87fc7a2021-12-21 12:20:24.943root 11241100x8000000000000000652452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c1f6687a3596b32021-12-21 12:20:24.943root 11241100x8000000000000000652453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc55ef0f052d0312021-12-21 12:20:24.944root 11241100x8000000000000000652454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96b3383b60e17a52021-12-21 12:20:24.944root 11241100x8000000000000000652455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d293477eab1397d2021-12-21 12:20:24.944root 11241100x8000000000000000652456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24734159c9faaeb92021-12-21 12:20:24.944root 11241100x8000000000000000652457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cd06f4d4c2aa9d2021-12-21 12:20:24.944root 11241100x8000000000000000652458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759a8c34db441cd52021-12-21 12:20:24.944root 11241100x8000000000000000652459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8a3a09b695167e2021-12-21 12:20:24.944root 11241100x8000000000000000652460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930c7dfdceafbccc2021-12-21 12:20:24.945root 11241100x8000000000000000652461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edf62c34c7d4b572021-12-21 12:20:24.945root 11241100x8000000000000000652462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309b29de72f50a112021-12-21 12:20:24.945root 11241100x8000000000000000652463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678c54a3a84afa8d2021-12-21 12:20:24.945root 11241100x8000000000000000652464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd0c916f40d3aa22021-12-21 12:20:24.945root 11241100x8000000000000000652465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e494d9340fe4b8352021-12-21 12:20:24.945root 11241100x8000000000000000652466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf86f346b2cca842021-12-21 12:20:24.945root 11241100x8000000000000000652467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c5068384e411452021-12-21 12:20:24.946root 354300x8000000000000000652468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.240{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49844-false10.0.1.12-8000- 11241100x8000000000000000652469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2392769def2a962021-12-21 12:20:25.241root 11241100x8000000000000000652470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44b8b75c4456ef52021-12-21 12:20:25.241root 11241100x8000000000000000652471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cbcb9edb362f6a2021-12-21 12:20:25.241root 11241100x8000000000000000652472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d24510fe54ee9f2021-12-21 12:20:25.241root 11241100x8000000000000000652473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4961d7a40719b6dc2021-12-21 12:20:25.242root 11241100x8000000000000000652474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b56baa26dbc2f02021-12-21 12:20:25.242root 11241100x8000000000000000652475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dc3a876213f2382021-12-21 12:20:25.242root 11241100x8000000000000000652476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d8aa87c93f25562021-12-21 12:20:25.242root 11241100x8000000000000000652477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6e1ce451ee28542021-12-21 12:20:25.242root 11241100x8000000000000000652478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce6bc51958e80b22021-12-21 12:20:25.243root 11241100x8000000000000000652479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9419aef1c3b781ec2021-12-21 12:20:25.243root 11241100x8000000000000000652480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e125b6c3f2fb7d902021-12-21 12:20:25.243root 11241100x8000000000000000652481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883453327042f7cc2021-12-21 12:20:25.243root 11241100x8000000000000000652482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd3b24e2eb2e3472021-12-21 12:20:25.243root 11241100x8000000000000000652483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcc575e97f190382021-12-21 12:20:25.243root 11241100x8000000000000000652484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5474180d1dd8d5f2021-12-21 12:20:25.243root 11241100x8000000000000000652485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe5c6a91a76caee2021-12-21 12:20:25.244root 11241100x8000000000000000652486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be78bbda0caf56cf2021-12-21 12:20:25.244root 11241100x8000000000000000652487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdc61ccb4a300422021-12-21 12:20:25.244root 11241100x8000000000000000652488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b53dd4660ea8752021-12-21 12:20:25.244root 11241100x8000000000000000652489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913afb3a4a6fa4dd2021-12-21 12:20:25.693root 11241100x8000000000000000652490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da23b6d346134b52021-12-21 12:20:25.693root 11241100x8000000000000000652491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fc2490e8d398692021-12-21 12:20:25.693root 11241100x8000000000000000652492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25d6fdcdaa45f072021-12-21 12:20:25.693root 11241100x8000000000000000652493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc3f4cf61d7870c2021-12-21 12:20:25.694root 11241100x8000000000000000652494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abce7b0d1203124b2021-12-21 12:20:25.694root 11241100x8000000000000000652495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dc163f84abd7de2021-12-21 12:20:25.694root 11241100x8000000000000000652496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3ab6423e68b6f12021-12-21 12:20:25.694root 11241100x8000000000000000652497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7353e65aaed6989d2021-12-21 12:20:25.694root 11241100x8000000000000000652498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276271c32ac18d6f2021-12-21 12:20:25.694root 11241100x8000000000000000652499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6a7d4de62867c82021-12-21 12:20:25.694root 11241100x8000000000000000652500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120b9510a762f26d2021-12-21 12:20:25.694root 11241100x8000000000000000652501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb71661e6e6f2f82021-12-21 12:20:25.694root 11241100x8000000000000000652502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59233db9ed05d4ed2021-12-21 12:20:25.694root 11241100x8000000000000000652503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029915d32fb9bfd52021-12-21 12:20:25.694root 11241100x8000000000000000652504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf7d683a2695fa92021-12-21 12:20:25.694root 11241100x8000000000000000652505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472c16efdd107fd62021-12-21 12:20:25.694root 11241100x8000000000000000652506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea84f1b4821e6262021-12-21 12:20:25.694root 11241100x8000000000000000652507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638f82b7648e41a72021-12-21 12:20:25.695root 11241100x8000000000000000652508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5d3e6aacb0474e2021-12-21 12:20:25.695root 354300x8000000000000000652509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:25.783{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-36910-false10.0.1.12-8089- 11241100x8000000000000000652510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9434b9dca054aa342021-12-21 12:20:26.193root 11241100x8000000000000000652511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1382293e93f8d5a92021-12-21 12:20:26.194root 11241100x8000000000000000652512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7807ed4d389f40c92021-12-21 12:20:26.194root 11241100x8000000000000000652513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2abe8f1f11085dd2021-12-21 12:20:26.194root 11241100x8000000000000000652514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffca2dc16dcf8a82021-12-21 12:20:26.194root 11241100x8000000000000000652515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99aabfb0e76e3b12021-12-21 12:20:26.194root 11241100x8000000000000000652516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcecb493465c669d2021-12-21 12:20:26.194root 11241100x8000000000000000652517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161de861eb98b7942021-12-21 12:20:26.194root 11241100x8000000000000000652518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5759555d0bf600d92021-12-21 12:20:26.194root 11241100x8000000000000000652519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6d6d0923f9e6122021-12-21 12:20:26.194root 11241100x8000000000000000652520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b61b3b1b4c34b782021-12-21 12:20:26.194root 11241100x8000000000000000652521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc73c7d20de880b82021-12-21 12:20:26.195root 11241100x8000000000000000652522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c425e7c56dd0452021-12-21 12:20:26.195root 11241100x8000000000000000652523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9188099b1130e22c2021-12-21 12:20:26.195root 11241100x8000000000000000652524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f66414df07e0f32021-12-21 12:20:26.195root 11241100x8000000000000000652525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7308ab375fb3d3af2021-12-21 12:20:26.195root 11241100x8000000000000000652526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51c5bd2467030e22021-12-21 12:20:26.195root 11241100x8000000000000000652527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20845af729a01b182021-12-21 12:20:26.195root 11241100x8000000000000000652528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a85757d759577662021-12-21 12:20:26.195root 11241100x8000000000000000652529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a228ab9a0579d4302021-12-21 12:20:26.195root 11241100x8000000000000000652530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d7a1dce70de1132021-12-21 12:20:26.195root 11241100x8000000000000000652531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5742dd99677ca65b2021-12-21 12:20:26.693root 11241100x8000000000000000652532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b241584cae81952021-12-21 12:20:26.693root 11241100x8000000000000000652533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15685f8a146b630b2021-12-21 12:20:26.694root 11241100x8000000000000000652534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f95a782d9e6a382021-12-21 12:20:26.694root 11241100x8000000000000000652535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68811afb5c2db58f2021-12-21 12:20:26.694root 11241100x8000000000000000652536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704257ece8633cf42021-12-21 12:20:26.694root 11241100x8000000000000000652537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b91b3e2b9dc8caf2021-12-21 12:20:26.694root 11241100x8000000000000000652538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2285a772c6f7c9f12021-12-21 12:20:26.694root 11241100x8000000000000000652539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65811eb1f1f090102021-12-21 12:20:26.694root 11241100x8000000000000000652540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746334b49a8344ba2021-12-21 12:20:26.695root 11241100x8000000000000000652541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3ad589ba808ac42021-12-21 12:20:26.695root 11241100x8000000000000000652542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e07b4ec5e3819fb2021-12-21 12:20:26.695root 11241100x8000000000000000652543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0654c7221346644b2021-12-21 12:20:26.695root 11241100x8000000000000000652544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c2097975c2fe7a2021-12-21 12:20:26.695root 11241100x8000000000000000652545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcc61920696d51a2021-12-21 12:20:26.695root 11241100x8000000000000000652546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7eecd80f4b64342021-12-21 12:20:26.695root 11241100x8000000000000000652547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea30001dc14a6b5e2021-12-21 12:20:26.695root 11241100x8000000000000000652548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e9e1766f8d47ce2021-12-21 12:20:26.696root 11241100x8000000000000000652549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33fa81c4b5068742021-12-21 12:20:26.696root 11241100x8000000000000000652550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bd51d34fc25be22021-12-21 12:20:26.696root 11241100x8000000000000000652551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df239f988702ca3a2021-12-21 12:20:26.696root 11241100x8000000000000000652552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22a1c082ddae2b82021-12-21 12:20:27.193root 11241100x8000000000000000652553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1781b155fd2a2f2021-12-21 12:20:27.194root 11241100x8000000000000000652554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c846f92cbabd7a212021-12-21 12:20:27.194root 11241100x8000000000000000652555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92aedc0e6aa589ec2021-12-21 12:20:27.194root 11241100x8000000000000000652556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95144d2c466a44982021-12-21 12:20:27.194root 11241100x8000000000000000652557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb964ce7eecd757b2021-12-21 12:20:27.194root 11241100x8000000000000000652558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b7052a3db57e622021-12-21 12:20:27.194root 11241100x8000000000000000652559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262753916ca3d4922021-12-21 12:20:27.195root 11241100x8000000000000000652560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617302c3fd5c83af2021-12-21 12:20:27.195root 11241100x8000000000000000652561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aee9d496f289cde2021-12-21 12:20:27.195root 11241100x8000000000000000652562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77baa03fa9170c862021-12-21 12:20:27.195root 11241100x8000000000000000652563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d15db553b343dd2021-12-21 12:20:27.195root 11241100x8000000000000000652564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5331c3a1338b742021-12-21 12:20:27.195root 11241100x8000000000000000652565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cb67dad79c86be2021-12-21 12:20:27.195root 11241100x8000000000000000652566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd725aa867070ba2021-12-21 12:20:27.195root 11241100x8000000000000000652567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaef54be40125d222021-12-21 12:20:27.195root 11241100x8000000000000000652568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c0eae2de00c8e92021-12-21 12:20:27.195root 11241100x8000000000000000652569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96194eed30c3f5822021-12-21 12:20:27.195root 11241100x8000000000000000652570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782c34ae7d87046f2021-12-21 12:20:27.195root 11241100x8000000000000000652571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4989084edee56672021-12-21 12:20:27.195root 11241100x8000000000000000652572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c16d88cea87cc02021-12-21 12:20:27.195root 11241100x8000000000000000652573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65482513a1524ed92021-12-21 12:20:27.693root 11241100x8000000000000000652574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c5cc00b88876e92021-12-21 12:20:27.693root 11241100x8000000000000000652575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e1edcbde64be3f2021-12-21 12:20:27.694root 11241100x8000000000000000652576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3f8c5213cbe4752021-12-21 12:20:27.694root 11241100x8000000000000000652577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c98f179472c3f412021-12-21 12:20:27.694root 11241100x8000000000000000652578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d969a6cb779b1d52021-12-21 12:20:27.694root 11241100x8000000000000000652579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20275d9875a0ae0e2021-12-21 12:20:27.694root 11241100x8000000000000000652580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd34cef34fc5d572021-12-21 12:20:27.694root 11241100x8000000000000000652581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a488f8c4c326a42021-12-21 12:20:27.694root 11241100x8000000000000000652582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92aa5714e2338c202021-12-21 12:20:27.694root 11241100x8000000000000000652583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6215d3d644be6f32021-12-21 12:20:27.694root 11241100x8000000000000000652584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9a99dcdb2aad8d2021-12-21 12:20:27.694root 11241100x8000000000000000652585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b71db21743781e2021-12-21 12:20:27.694root 11241100x8000000000000000652586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9551f1227a3517f42021-12-21 12:20:27.694root 11241100x8000000000000000652587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471c44b60f8c615c2021-12-21 12:20:27.694root 11241100x8000000000000000652588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a45a9707723a4d2021-12-21 12:20:27.695root 11241100x8000000000000000652589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3e09cf7d78919a2021-12-21 12:20:27.695root 11241100x8000000000000000652590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51411ac4b2e1544a2021-12-21 12:20:27.695root 11241100x8000000000000000652591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4325d02e79450d202021-12-21 12:20:27.695root 11241100x8000000000000000652592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5dbb8a688220a82021-12-21 12:20:27.695root 11241100x8000000000000000652593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29acc3e87fb3fda52021-12-21 12:20:27.695root 11241100x8000000000000000652594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c8872f5386aebe2021-12-21 12:20:28.193root 11241100x8000000000000000652595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ee9590c8486f212021-12-21 12:20:28.193root 11241100x8000000000000000652596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55945aee89033bb22021-12-21 12:20:28.193root 11241100x8000000000000000652597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa5637a92fc835c2021-12-21 12:20:28.194root 11241100x8000000000000000652598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b379269065608d2021-12-21 12:20:28.194root 11241100x8000000000000000652599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209ba1578b8b62d82021-12-21 12:20:28.194root 11241100x8000000000000000652600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35cb4999285261b2021-12-21 12:20:28.194root 11241100x8000000000000000652601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e827fc784fa237542021-12-21 12:20:28.194root 11241100x8000000000000000652602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e752b90434f2612021-12-21 12:20:28.194root 11241100x8000000000000000652603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcc493f395db0f62021-12-21 12:20:28.194root 11241100x8000000000000000652604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4afbfa25acf84f2021-12-21 12:20:28.194root 11241100x8000000000000000652605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609cda6909db86b72021-12-21 12:20:28.194root 11241100x8000000000000000652606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170c0e433ee1a80c2021-12-21 12:20:28.194root 11241100x8000000000000000652607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c5736d166227342021-12-21 12:20:28.194root 11241100x8000000000000000652608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca8fd5be6e5108a2021-12-21 12:20:28.194root 11241100x8000000000000000652609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9015a91f0e93e6542021-12-21 12:20:28.194root 11241100x8000000000000000652610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2282067b8728e22021-12-21 12:20:28.194root 11241100x8000000000000000652611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89223320ef4455272021-12-21 12:20:28.194root 11241100x8000000000000000652612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b1bf27820ceb612021-12-21 12:20:28.195root 11241100x8000000000000000652613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a5995d23c5a3c32021-12-21 12:20:28.195root 11241100x8000000000000000652614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de16711abf0c5cd12021-12-21 12:20:28.195root 11241100x8000000000000000652615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738ea53515e727032021-12-21 12:20:28.693root 11241100x8000000000000000652616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd07d1fcb00943d42021-12-21 12:20:28.693root 11241100x8000000000000000652617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2084274c971c14022021-12-21 12:20:28.693root 11241100x8000000000000000652618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6e7560dea2b6522021-12-21 12:20:28.694root 11241100x8000000000000000652619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e638689f2a3b2072021-12-21 12:20:28.694root 11241100x8000000000000000652620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845c6b20d85951712021-12-21 12:20:28.694root 11241100x8000000000000000652621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1702882a8df66fe2021-12-21 12:20:28.694root 11241100x8000000000000000652622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292ed65a552798272021-12-21 12:20:28.694root 11241100x8000000000000000652623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8469358f03e650c32021-12-21 12:20:28.694root 11241100x8000000000000000652624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9737f62134bf4f9c2021-12-21 12:20:28.694root 11241100x8000000000000000652625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e7cc26596f95732021-12-21 12:20:28.694root 11241100x8000000000000000652626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3700e923823a089d2021-12-21 12:20:28.694root 11241100x8000000000000000652627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994797c828eca6412021-12-21 12:20:28.694root 11241100x8000000000000000652628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868f69aebbe74a4e2021-12-21 12:20:28.694root 11241100x8000000000000000652629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa952ab83f089692021-12-21 12:20:28.695root 11241100x8000000000000000652630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c269cade871a958d2021-12-21 12:20:28.695root 11241100x8000000000000000652631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a900788253184c2021-12-21 12:20:28.695root 11241100x8000000000000000652632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac12c5a262b33a92021-12-21 12:20:28.695root 11241100x8000000000000000652633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c69c681f3f06e2e2021-12-21 12:20:28.695root 11241100x8000000000000000652634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9108d3d507c3b09d2021-12-21 12:20:28.695root 11241100x8000000000000000652635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73522ee4d3af8fa72021-12-21 12:20:28.695root 11241100x8000000000000000652636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7f9c8d5e837ed12021-12-21 12:20:29.193root 11241100x8000000000000000652637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcad246ac7344b62021-12-21 12:20:29.193root 11241100x8000000000000000652638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f022789d68c54a92021-12-21 12:20:29.193root 11241100x8000000000000000652639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8246384bc92d962021-12-21 12:20:29.193root 11241100x8000000000000000652640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77991cacce0d5b12021-12-21 12:20:29.194root 11241100x8000000000000000652641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1789f51560c6af2021-12-21 12:20:29.194root 11241100x8000000000000000652642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2ba34079d44e632021-12-21 12:20:29.194root 11241100x8000000000000000652643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9252b9eabc3e6f132021-12-21 12:20:29.194root 11241100x8000000000000000652644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4992957a457887f2021-12-21 12:20:29.194root 11241100x8000000000000000652645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b895ae64ccf6c82021-12-21 12:20:29.194root 11241100x8000000000000000652646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599b94a21a2f4c832021-12-21 12:20:29.194root 11241100x8000000000000000652647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a44375debae898b2021-12-21 12:20:29.194root 11241100x8000000000000000652648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120eb8d1addc99bf2021-12-21 12:20:29.194root 11241100x8000000000000000652649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555494c180dfe35d2021-12-21 12:20:29.194root 11241100x8000000000000000652650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cd63b98c9a3e842021-12-21 12:20:29.195root 11241100x8000000000000000652651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382709eeb8dcbf7c2021-12-21 12:20:29.195root 11241100x8000000000000000652652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c105439c1072ab92021-12-21 12:20:29.195root 11241100x8000000000000000652653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a231aea69c2a4e22021-12-21 12:20:29.195root 11241100x8000000000000000652654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff986c3789356702021-12-21 12:20:29.195root 11241100x8000000000000000652655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629d58581cb6d0802021-12-21 12:20:29.195root 11241100x8000000000000000652656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff2af96a8d2354c2021-12-21 12:20:29.195root 11241100x8000000000000000652657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33bd8d0aed544e92021-12-21 12:20:29.693root 11241100x8000000000000000652658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee92dc571bbb3932021-12-21 12:20:29.693root 11241100x8000000000000000652659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2007924a487ee3682021-12-21 12:20:29.693root 11241100x8000000000000000652660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f51ad72e682fba52021-12-21 12:20:29.694root 11241100x8000000000000000652661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0c05bd0c6d9b1c2021-12-21 12:20:29.694root 11241100x8000000000000000652662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18446dd707de7c9a2021-12-21 12:20:29.694root 11241100x8000000000000000652663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c2edb4d256f6102021-12-21 12:20:29.694root 11241100x8000000000000000652664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76631535a2033fb2021-12-21 12:20:29.694root 11241100x8000000000000000652665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d25528304c4c96f2021-12-21 12:20:29.694root 11241100x8000000000000000652666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0140e56da90b762021-12-21 12:20:29.694root 11241100x8000000000000000652667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b89e6fc5c214b702021-12-21 12:20:29.694root 11241100x8000000000000000652668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d26be4cf5e9cd292021-12-21 12:20:29.694root 11241100x8000000000000000652669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989c97abeac91f3a2021-12-21 12:20:29.694root 11241100x8000000000000000652670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842846c7a697009d2021-12-21 12:20:29.695root 11241100x8000000000000000652671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be44f6120b01be5c2021-12-21 12:20:29.695root 11241100x8000000000000000652672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217e987b48349f442021-12-21 12:20:29.695root 11241100x8000000000000000652673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f93d89bb4e0ac72021-12-21 12:20:29.695root 11241100x8000000000000000652674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e09436da3f6f992021-12-21 12:20:29.695root 11241100x8000000000000000652675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef1dff49711de2f2021-12-21 12:20:29.695root 11241100x8000000000000000652676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164b49496e7caec82021-12-21 12:20:29.695root 11241100x8000000000000000652677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0755d7ad0585717f2021-12-21 12:20:29.696root 11241100x8000000000000000652678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774b9bf36ab071452021-12-21 12:20:30.193root 11241100x8000000000000000652679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036188d41c9887e02021-12-21 12:20:30.193root 11241100x8000000000000000652680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04baba13614ee792021-12-21 12:20:30.193root 11241100x8000000000000000652681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d580ff13ae01d32021-12-21 12:20:30.193root 11241100x8000000000000000652682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bc604c5b52009d2021-12-21 12:20:30.193root 11241100x8000000000000000652683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc8d4d13c4f68ca2021-12-21 12:20:30.193root 11241100x8000000000000000652684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6c9826aa714d562021-12-21 12:20:30.193root 11241100x8000000000000000652685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fcd55b1fec8c982021-12-21 12:20:30.193root 11241100x8000000000000000652686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebac4c61250d8a52021-12-21 12:20:30.193root 11241100x8000000000000000652687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2464e8cbda8d0712021-12-21 12:20:30.193root 11241100x8000000000000000652688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c966ede7e256aa832021-12-21 12:20:30.193root 11241100x8000000000000000652689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b8d1c4fb14f18d2021-12-21 12:20:30.194root 11241100x8000000000000000652690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71470783bb8cc7f32021-12-21 12:20:30.194root 11241100x8000000000000000652691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16feda7f4e1fdbd12021-12-21 12:20:30.194root 11241100x8000000000000000652692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57617945555072532021-12-21 12:20:30.194root 11241100x8000000000000000652693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33e38f6c9b314fb2021-12-21 12:20:30.194root 11241100x8000000000000000652694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e239e6300f986c112021-12-21 12:20:30.194root 11241100x8000000000000000652695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb4b828e776f05c2021-12-21 12:20:30.196root 11241100x8000000000000000652696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253c0cff392c8c5d2021-12-21 12:20:30.196root 11241100x8000000000000000652697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4ddf37a20f503a2021-12-21 12:20:30.196root 11241100x8000000000000000652698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b0811daa29546a2021-12-21 12:20:30.197root 11241100x8000000000000000652699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1fce5554dc63e52021-12-21 12:20:30.197root 11241100x8000000000000000652700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dca07434dcd09152021-12-21 12:20:30.197root 11241100x8000000000000000652701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ac6cafb31a6fc22021-12-21 12:20:30.197root 11241100x8000000000000000652702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9849ea6a3bafd4752021-12-21 12:20:30.197root 11241100x8000000000000000652703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ee8e0929d04fc52021-12-21 12:20:30.197root 11241100x8000000000000000652704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5913b59e56df7a7f2021-12-21 12:20:30.199root 11241100x8000000000000000652705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73a7e45bccdfe9f2021-12-21 12:20:30.199root 11241100x8000000000000000652706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30acdad07ee1bdc2021-12-21 12:20:30.200root 11241100x8000000000000000652707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fcf83f1764a7402021-12-21 12:20:30.200root 11241100x8000000000000000652708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad40a07b2fbfe412021-12-21 12:20:30.200root 11241100x8000000000000000652709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ed8ff724a54e992021-12-21 12:20:30.200root 11241100x8000000000000000652710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d978421751d16d2021-12-21 12:20:30.200root 11241100x8000000000000000652711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ac860efd7df7072021-12-21 12:20:30.200root 11241100x8000000000000000652712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a770326cf88dc4142021-12-21 12:20:30.200root 11241100x8000000000000000652713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ef712364efb2f32021-12-21 12:20:30.201root 11241100x8000000000000000652714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f559126ab437ca2021-12-21 12:20:30.201root 11241100x8000000000000000652715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0095c4b6378d82052021-12-21 12:20:30.202root 11241100x8000000000000000652716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafed617748259b02021-12-21 12:20:30.202root 11241100x8000000000000000652717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16c552c4b1af1f12021-12-21 12:20:30.203root 11241100x8000000000000000652718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddf1c20d11500172021-12-21 12:20:30.203root 11241100x8000000000000000652719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bff18d6e209a452021-12-21 12:20:30.203root 11241100x8000000000000000652720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa6dd0d3c06f04e2021-12-21 12:20:30.203root 11241100x8000000000000000652721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf861f2c85f893672021-12-21 12:20:30.203root 11241100x8000000000000000652722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64db19bf6c02b582021-12-21 12:20:30.203root 11241100x8000000000000000652723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a5fb5a78e8b1f32021-12-21 12:20:30.203root 11241100x8000000000000000652724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a61a3834d5a37082021-12-21 12:20:30.203root 11241100x8000000000000000652725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a57c525f07da782021-12-21 12:20:30.693root 11241100x8000000000000000652726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a6fd44572c4d862021-12-21 12:20:30.693root 11241100x8000000000000000652727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764a0d62e103cd1b2021-12-21 12:20:30.693root 11241100x8000000000000000652728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96c5ccffc3229602021-12-21 12:20:30.693root 11241100x8000000000000000652729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fc3b8014c8f4722021-12-21 12:20:30.693root 11241100x8000000000000000652730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac395fa388f71ef42021-12-21 12:20:30.694root 11241100x8000000000000000652731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfda0606f75e4db42021-12-21 12:20:30.694root 11241100x8000000000000000652732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d6ddd740d55e5e2021-12-21 12:20:30.694root 11241100x8000000000000000652733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3d954a6015dc6b2021-12-21 12:20:30.694root 11241100x8000000000000000652734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a8b6d4de91711a2021-12-21 12:20:30.694root 11241100x8000000000000000652735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bb0af5d1e2c7162021-12-21 12:20:30.694root 11241100x8000000000000000652736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e25f39c69ad46782021-12-21 12:20:30.694root 11241100x8000000000000000652737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118ca5443c7164882021-12-21 12:20:30.694root 11241100x8000000000000000652738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b7c98e3b211be72021-12-21 12:20:30.694root 11241100x8000000000000000652739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61a284e01b226962021-12-21 12:20:30.694root 11241100x8000000000000000652740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb06223fd1e5e452021-12-21 12:20:30.694root 11241100x8000000000000000652741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5150fcebc4acaafa2021-12-21 12:20:30.695root 11241100x8000000000000000652742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe58271a9718b3582021-12-21 12:20:30.695root 11241100x8000000000000000652743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8803e10323a2e8a2021-12-21 12:20:30.695root 11241100x8000000000000000652744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30878ba27d3f54d42021-12-21 12:20:30.695root 11241100x8000000000000000652745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8d44bb0d6170932021-12-21 12:20:30.695root 354300x8000000000000000652746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.077{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49848-false10.0.1.12-8000- 11241100x8000000000000000652747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df181d72707398e02021-12-21 12:20:31.077root 11241100x8000000000000000652748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81482c22b3be7c0f2021-12-21 12:20:31.078root 11241100x8000000000000000652749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fd275e2c31e5c32021-12-21 12:20:31.078root 11241100x8000000000000000652750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebe7b23b7bc2fd52021-12-21 12:20:31.078root 11241100x8000000000000000652751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365e602cbf2f1e3a2021-12-21 12:20:31.078root 11241100x8000000000000000652752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd38c78ec15964d2021-12-21 12:20:31.078root 11241100x8000000000000000652753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04613a1707747f722021-12-21 12:20:31.078root 11241100x8000000000000000652754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522a56ed5765e3902021-12-21 12:20:31.078root 11241100x8000000000000000652755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371d5c70aaebf90c2021-12-21 12:20:31.078root 11241100x8000000000000000652756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400408463e4e64292021-12-21 12:20:31.078root 11241100x8000000000000000652757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa0951eaf9f92ec2021-12-21 12:20:31.078root 11241100x8000000000000000652758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b0b1b6880d59162021-12-21 12:20:31.078root 11241100x8000000000000000652759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.079{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368d603526b2d1462021-12-21 12:20:31.079root 11241100x8000000000000000652760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.079{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656dd912a8e540762021-12-21 12:20:31.079root 11241100x8000000000000000652761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.079{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a05218077e680832021-12-21 12:20:31.079root 11241100x8000000000000000652762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.079{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2870e02e86f16cec2021-12-21 12:20:31.079root 11241100x8000000000000000652763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.079{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a1ea92d27b11982021-12-21 12:20:31.079root 11241100x8000000000000000652764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5ded31f879fa912021-12-21 12:20:31.080root 11241100x8000000000000000652765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf80927b8fed2182021-12-21 12:20:31.080root 11241100x8000000000000000652766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a34d1ac61b8e3802021-12-21 12:20:31.080root 11241100x8000000000000000652767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe38b171916184952021-12-21 12:20:31.080root 11241100x8000000000000000652768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c173644444da562021-12-21 12:20:31.080root 11241100x8000000000000000652769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c8ac8bbe9734012021-12-21 12:20:31.080root 11241100x8000000000000000652770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738ed6743f5833e32021-12-21 12:20:31.080root 11241100x8000000000000000652771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef22eaa70f3cc9b52021-12-21 12:20:31.080root 11241100x8000000000000000652772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c7f4d87441d44d2021-12-21 12:20:31.080root 11241100x8000000000000000652773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db66fa801d354372021-12-21 12:20:31.080root 11241100x8000000000000000652774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eaf1c1940a255612021-12-21 12:20:31.080root 11241100x8000000000000000652775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16062c8971ea662c2021-12-21 12:20:31.443root 11241100x8000000000000000652776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ac45ba25b7c76d2021-12-21 12:20:31.443root 11241100x8000000000000000652777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2322314861cb352021-12-21 12:20:31.443root 11241100x8000000000000000652778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4f03fd8397831c2021-12-21 12:20:31.443root 11241100x8000000000000000652779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ea1e3407df90d02021-12-21 12:20:31.443root 11241100x8000000000000000652780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63300596df47796a2021-12-21 12:20:31.443root 11241100x8000000000000000652781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13345dc83d0b53b52021-12-21 12:20:31.443root 11241100x8000000000000000652782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15daea1e0d4c8b732021-12-21 12:20:31.443root 11241100x8000000000000000652783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c278ae75a988af02021-12-21 12:20:31.443root 11241100x8000000000000000652784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b833fee3c594452021-12-21 12:20:31.443root 11241100x8000000000000000652785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e4c10a63cb3ed32021-12-21 12:20:31.443root 11241100x8000000000000000652786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f30434c9f1955a2021-12-21 12:20:31.444root 11241100x8000000000000000652787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6214a9f642b2b4a32021-12-21 12:20:31.444root 11241100x8000000000000000652788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec884bd767e2e642021-12-21 12:20:31.444root 11241100x8000000000000000652789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00eafdfec96a8c52021-12-21 12:20:31.444root 11241100x8000000000000000652790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c787a9c395eb62a2021-12-21 12:20:31.444root 11241100x8000000000000000652791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92f1d15456829502021-12-21 12:20:31.444root 11241100x8000000000000000652792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c89db469ed711062021-12-21 12:20:31.445root 11241100x8000000000000000652793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa31063ae3440982021-12-21 12:20:31.445root 11241100x8000000000000000652794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066318e26178b52e2021-12-21 12:20:31.445root 11241100x8000000000000000652795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d87c7dc6576e8572021-12-21 12:20:31.445root 11241100x8000000000000000652796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3b22e9180def9b2021-12-21 12:20:31.445root 11241100x8000000000000000652797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a671957bf3fa858e2021-12-21 12:20:31.445root 11241100x8000000000000000652798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb5729feaf799b22021-12-21 12:20:31.446root 11241100x8000000000000000652799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94dcba6cc0a3ffc2021-12-21 12:20:31.943root 11241100x8000000000000000652800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc66cd071e493e72021-12-21 12:20:31.943root 11241100x8000000000000000652801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bdb598ecd9bae52021-12-21 12:20:31.943root 11241100x8000000000000000652802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84c6697badcce1b2021-12-21 12:20:31.943root 11241100x8000000000000000652803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108feab728b3e3ed2021-12-21 12:20:31.944root 11241100x8000000000000000652804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86069e1e468d8342021-12-21 12:20:31.944root 11241100x8000000000000000652805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44acc46135d6b59d2021-12-21 12:20:31.944root 11241100x8000000000000000652806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac3cd2d072b0f9c2021-12-21 12:20:31.944root 11241100x8000000000000000652807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa92788e6e5d7a4c2021-12-21 12:20:31.944root 11241100x8000000000000000652808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5e3e8c8738606c2021-12-21 12:20:31.944root 11241100x8000000000000000652809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ab287d50dc5cd52021-12-21 12:20:31.944root 11241100x8000000000000000652810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac08958ed0876562021-12-21 12:20:31.944root 11241100x8000000000000000652811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0500afc807e50c3d2021-12-21 12:20:31.944root 11241100x8000000000000000652812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ae987bf9bec00b2021-12-21 12:20:31.944root 11241100x8000000000000000652813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67f0c34ae3c5e9c2021-12-21 12:20:31.944root 11241100x8000000000000000652814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161ad19942bd70972021-12-21 12:20:31.945root 11241100x8000000000000000652815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d634a4eb37ca36b32021-12-21 12:20:31.945root 11241100x8000000000000000652816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64697fd12ee4e9f22021-12-21 12:20:31.945root 11241100x8000000000000000652817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8ee9f6d27275dc2021-12-21 12:20:31.945root 11241100x8000000000000000652818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8ef129f323f7df2021-12-21 12:20:31.945root 11241100x8000000000000000652819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5919682e085986ed2021-12-21 12:20:31.945root 11241100x8000000000000000652820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d7ccaaf176b6a72021-12-21 12:20:31.945root 11241100x8000000000000000652821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae76073a93552d52021-12-21 12:20:32.443root 11241100x8000000000000000652822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5839023c842de4582021-12-21 12:20:32.443root 11241100x8000000000000000652823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968b1ab4948645e72021-12-21 12:20:32.443root 11241100x8000000000000000652824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f9391ce42f00b52021-12-21 12:20:32.443root 11241100x8000000000000000652825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9ad9be138798492021-12-21 12:20:32.444root 11241100x8000000000000000652826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8be9b48bd088e52021-12-21 12:20:32.444root 11241100x8000000000000000652827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcb67b2704b6e8e2021-12-21 12:20:32.444root 11241100x8000000000000000652828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560f2ecb9637239e2021-12-21 12:20:32.444root 11241100x8000000000000000652829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9483a5db8f8206d2021-12-21 12:20:32.444root 11241100x8000000000000000652830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c053c8874622b9e2021-12-21 12:20:32.444root 11241100x8000000000000000652831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8217662e5f80bb4c2021-12-21 12:20:32.444root 11241100x8000000000000000652832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26f56727cdd7e6e2021-12-21 12:20:32.445root 11241100x8000000000000000652833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72167d1ff0ccacad2021-12-21 12:20:32.445root 11241100x8000000000000000652834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0ecb7239aef08d2021-12-21 12:20:32.445root 11241100x8000000000000000652835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5075089b0b3675b62021-12-21 12:20:32.445root 11241100x8000000000000000652836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79243b953e49b7682021-12-21 12:20:32.445root 11241100x8000000000000000652837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63095da1567b8ee2021-12-21 12:20:32.445root 11241100x8000000000000000652838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9aff7376de49f12021-12-21 12:20:32.445root 11241100x8000000000000000652839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be074282767bae952021-12-21 12:20:32.445root 11241100x8000000000000000652840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a8b8eccb28adc42021-12-21 12:20:32.445root 11241100x8000000000000000652841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f96cdcbd46326542021-12-21 12:20:32.445root 11241100x8000000000000000652842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c504e0676b785e692021-12-21 12:20:32.445root 11241100x8000000000000000652843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e47f6dbb512f212021-12-21 12:20:32.445root 11241100x8000000000000000652844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7df82d33f86147b2021-12-21 12:20:32.445root 11241100x8000000000000000652845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db268b6f1090e69c2021-12-21 12:20:32.445root 11241100x8000000000000000652846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35daeabb49cd2d852021-12-21 12:20:32.943root 11241100x8000000000000000652847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70418bdc837c30a62021-12-21 12:20:32.943root 11241100x8000000000000000652848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a0dc0e7ab32ee52021-12-21 12:20:32.943root 11241100x8000000000000000652849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd97aebdcac358f2021-12-21 12:20:32.943root 11241100x8000000000000000652850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c915c34a4951f3572021-12-21 12:20:32.943root 11241100x8000000000000000652851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9476edbd6de8ad692021-12-21 12:20:32.943root 11241100x8000000000000000652852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33202372badf74b2021-12-21 12:20:32.943root 11241100x8000000000000000652853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409392c78d1ea77d2021-12-21 12:20:32.944root 11241100x8000000000000000652854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0619e2e5e30325e22021-12-21 12:20:32.944root 11241100x8000000000000000652855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc21f14a6b547e92021-12-21 12:20:32.944root 11241100x8000000000000000652856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2f0402be37ac922021-12-21 12:20:32.945root 11241100x8000000000000000652857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7247ab7d033fa6152021-12-21 12:20:32.945root 11241100x8000000000000000652858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d14e6bf93174e662021-12-21 12:20:32.945root 11241100x8000000000000000652859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb9e20d5f9cd0c12021-12-21 12:20:32.945root 11241100x8000000000000000652860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0cacad2d2c86282021-12-21 12:20:32.945root 11241100x8000000000000000652861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4939d3fbc9960f0d2021-12-21 12:20:32.945root 11241100x8000000000000000652862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570e305606ca9fe52021-12-21 12:20:32.945root 11241100x8000000000000000652863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6527ae55391a42522021-12-21 12:20:32.946root 11241100x8000000000000000652864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af70090b575c824b2021-12-21 12:20:32.946root 11241100x8000000000000000652865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c53b3dd815d05a02021-12-21 12:20:32.946root 11241100x8000000000000000652866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cf6465f01da58e2021-12-21 12:20:32.946root 11241100x8000000000000000652867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d21d979d3848a112021-12-21 12:20:32.946root 11241100x8000000000000000652868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc292ebd260a5cb2021-12-21 12:20:32.946root 11241100x8000000000000000652869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a5a465b4d583192021-12-21 12:20:32.946root 11241100x8000000000000000652870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9106c1d0a4b08bae2021-12-21 12:20:33.443root 11241100x8000000000000000652871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1233dc6b5d593962021-12-21 12:20:33.443root 11241100x8000000000000000652872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e20fd0b9c5cb332021-12-21 12:20:33.443root 11241100x8000000000000000652873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adc1c99fac270c52021-12-21 12:20:33.443root 11241100x8000000000000000652874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b295f811b1fe4b242021-12-21 12:20:33.444root 11241100x8000000000000000652875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084f9eeb9aa118162021-12-21 12:20:33.444root 11241100x8000000000000000652876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3b4a8e23bead6b2021-12-21 12:20:33.444root 11241100x8000000000000000652877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554ec3be988e10042021-12-21 12:20:33.444root 11241100x8000000000000000652878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f606cb73e0fde8172021-12-21 12:20:33.444root 11241100x8000000000000000652879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ab3e9608c21d942021-12-21 12:20:33.444root 11241100x8000000000000000652880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409dd0c5202d03682021-12-21 12:20:33.444root 11241100x8000000000000000652881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ff0044cd78c09c2021-12-21 12:20:33.444root 11241100x8000000000000000652882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a95cb4f7b6500962021-12-21 12:20:33.444root 11241100x8000000000000000652883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76054f7de28f583d2021-12-21 12:20:33.444root 11241100x8000000000000000652884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe0bc77d18c32f42021-12-21 12:20:33.444root 11241100x8000000000000000652885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850421f13fc8aac22021-12-21 12:20:33.444root 11241100x8000000000000000652886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f118e118f937cd7e2021-12-21 12:20:33.444root 11241100x8000000000000000652887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbff5c765b1fca42021-12-21 12:20:33.445root 11241100x8000000000000000652888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27abffeed43509672021-12-21 12:20:33.445root 11241100x8000000000000000652889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abb4c758ab302e42021-12-21 12:20:33.445root 11241100x8000000000000000652890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d6138ba40807492021-12-21 12:20:33.445root 11241100x8000000000000000652891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68987bfb0428f8932021-12-21 12:20:33.445root 11241100x8000000000000000652892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13add86c2525d6e2021-12-21 12:20:33.943root 11241100x8000000000000000652893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4507c82a59ba872021-12-21 12:20:33.943root 11241100x8000000000000000652894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412488bd9ce4e0de2021-12-21 12:20:33.943root 11241100x8000000000000000652895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71ea0980fa7ca972021-12-21 12:20:33.943root 11241100x8000000000000000652896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53f316c2e8414ae2021-12-21 12:20:33.943root 11241100x8000000000000000652897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493ef8a50ef4d7fa2021-12-21 12:20:33.943root 11241100x8000000000000000652898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8397f8ee058d3112021-12-21 12:20:33.943root 11241100x8000000000000000652899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b503eeddd1cf4c82021-12-21 12:20:33.944root 11241100x8000000000000000652900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9dbe14a28fcd492021-12-21 12:20:33.944root 11241100x8000000000000000652901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d96c0089c6cbfe62021-12-21 12:20:33.944root 11241100x8000000000000000652902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7803e6c9267bfecb2021-12-21 12:20:33.944root 11241100x8000000000000000652903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f973948461ff842021-12-21 12:20:33.944root 11241100x8000000000000000652904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09aa2136bd5670b2021-12-21 12:20:33.944root 11241100x8000000000000000652905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249b9316a9a4dad32021-12-21 12:20:33.944root 11241100x8000000000000000652906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0936f7dc11e35742021-12-21 12:20:33.945root 11241100x8000000000000000652907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef46dde1c0b760f22021-12-21 12:20:33.945root 11241100x8000000000000000652908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6ba29fc38854992021-12-21 12:20:33.945root 11241100x8000000000000000652909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420375e89934cdea2021-12-21 12:20:33.945root 11241100x8000000000000000652910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9734428c2d1ec662021-12-21 12:20:33.945root 11241100x8000000000000000652911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82fa1c3299e918d2021-12-21 12:20:33.945root 11241100x8000000000000000652912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a384bd5127d7832021-12-21 12:20:33.946root 11241100x8000000000000000652913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35316659bb07b79c2021-12-21 12:20:33.946root 11241100x8000000000000000652914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b73aa364f8f48bc2021-12-21 12:20:34.443root 11241100x8000000000000000652915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe66387099db1b32021-12-21 12:20:34.443root 11241100x8000000000000000652916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9903a97180c6f22021-12-21 12:20:34.443root 11241100x8000000000000000652917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb281f0710ee1e232021-12-21 12:20:34.444root 11241100x8000000000000000652918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2633604942c1f2912021-12-21 12:20:34.444root 11241100x8000000000000000652919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e306d1dcdf9b232021-12-21 12:20:34.444root 11241100x8000000000000000652920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295e8f8dc02c08b42021-12-21 12:20:34.444root 11241100x8000000000000000652921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb1c7fc3fbfacc82021-12-21 12:20:34.444root 11241100x8000000000000000652922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de4fb6ff5ccbdaa2021-12-21 12:20:34.444root 11241100x8000000000000000652923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a648883758ad6572021-12-21 12:20:34.445root 11241100x8000000000000000652924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8bd75d5294097f2021-12-21 12:20:34.445root 11241100x8000000000000000652925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff08aebe270b5eb52021-12-21 12:20:34.445root 11241100x8000000000000000652926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7490c44ad092d5fc2021-12-21 12:20:34.445root 11241100x8000000000000000652927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7459211c0c58120b2021-12-21 12:20:34.445root 11241100x8000000000000000652928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a683ddcbf25939252021-12-21 12:20:34.446root 11241100x8000000000000000652929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53d26c995ed14df2021-12-21 12:20:34.446root 11241100x8000000000000000652930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf3fc8304eac5f22021-12-21 12:20:34.446root 11241100x8000000000000000652931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a567a22895be51c2021-12-21 12:20:34.446root 11241100x8000000000000000652932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53372909a41401de2021-12-21 12:20:34.446root 11241100x8000000000000000652933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25ad0bcc92d94be2021-12-21 12:20:34.446root 11241100x8000000000000000652934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6817e57e68d14a9e2021-12-21 12:20:34.447root 11241100x8000000000000000652935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2f488e731e6e7e2021-12-21 12:20:34.447root 11241100x8000000000000000652936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ab59c6abed2afe2021-12-21 12:20:34.943root 11241100x8000000000000000652937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f132c410118348c2021-12-21 12:20:34.943root 11241100x8000000000000000652938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4218984e3711c22d2021-12-21 12:20:34.943root 11241100x8000000000000000652939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2012b5c2156b3a8f2021-12-21 12:20:34.943root 11241100x8000000000000000652940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4890abad42ca134d2021-12-21 12:20:34.943root 11241100x8000000000000000652941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3729fe850d0d632f2021-12-21 12:20:34.944root 11241100x8000000000000000652942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045ae0799bbb40dc2021-12-21 12:20:34.944root 11241100x8000000000000000652943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2681aacc348b5882021-12-21 12:20:34.944root 11241100x8000000000000000652944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0cf3adc2411d3f2021-12-21 12:20:34.944root 11241100x8000000000000000652945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4cd303f29866dd2021-12-21 12:20:34.944root 11241100x8000000000000000652946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2968eda7b8008d822021-12-21 12:20:34.944root 11241100x8000000000000000652947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0b01e4a00f3b882021-12-21 12:20:34.944root 11241100x8000000000000000652948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bd056d23c6c9952021-12-21 12:20:34.945root 11241100x8000000000000000652949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40351be1020f8bc72021-12-21 12:20:34.946root 11241100x8000000000000000652950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4e6300b0f89ffe2021-12-21 12:20:34.946root 11241100x8000000000000000652951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7829a608a33dd3d2021-12-21 12:20:34.946root 11241100x8000000000000000652952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcdf92e22956a822021-12-21 12:20:34.946root 11241100x8000000000000000652953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1b925e1e3f83d82021-12-21 12:20:34.946root 11241100x8000000000000000652954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbe3c2707f6bdff2021-12-21 12:20:34.946root 11241100x8000000000000000652955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce702459c85453902021-12-21 12:20:34.946root 11241100x8000000000000000652956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a3c06fc862d3f62021-12-21 12:20:34.946root 11241100x8000000000000000652957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b9b4ee6af5575e2021-12-21 12:20:34.946root 11241100x8000000000000000652958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce2f95c5f0492bc2021-12-21 12:20:35.443root 11241100x8000000000000000652959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4516af2d77566e662021-12-21 12:20:35.443root 11241100x8000000000000000652960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe087118f505f1e2021-12-21 12:20:35.443root 11241100x8000000000000000652961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6935d415286ca7fc2021-12-21 12:20:35.443root 11241100x8000000000000000652962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9cb86ae90c9a382021-12-21 12:20:35.443root 11241100x8000000000000000652963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540c985eb58b2a6c2021-12-21 12:20:35.443root 11241100x8000000000000000652964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9a9a443bc19d6b2021-12-21 12:20:35.443root 11241100x8000000000000000652965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1abe18cac16aff2021-12-21 12:20:35.444root 11241100x8000000000000000652966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6167a938818128052021-12-21 12:20:35.444root 11241100x8000000000000000652967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae38c48ceb46c6a62021-12-21 12:20:35.444root 11241100x8000000000000000652968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07264ed8b8fd1c052021-12-21 12:20:35.444root 11241100x8000000000000000652969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33f4d363284b7a52021-12-21 12:20:35.444root 11241100x8000000000000000652970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1f7e2e1c44a4752021-12-21 12:20:35.445root 11241100x8000000000000000652971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25585c96d08300842021-12-21 12:20:35.445root 11241100x8000000000000000652972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b412786852a379d2021-12-21 12:20:35.445root 11241100x8000000000000000652973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0e4450e16761002021-12-21 12:20:35.445root 11241100x8000000000000000652974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e097e491b657092a2021-12-21 12:20:35.445root 11241100x8000000000000000652975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a170c0a63f5cb212021-12-21 12:20:35.445root 11241100x8000000000000000652976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029821203a9127822021-12-21 12:20:35.445root 11241100x8000000000000000652977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c56ba24ab57a7b22021-12-21 12:20:35.446root 11241100x8000000000000000652978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26343440a0f91932021-12-21 12:20:35.446root 11241100x8000000000000000652979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b462ffe91d93ec502021-12-21 12:20:35.446root 11241100x8000000000000000652980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7beb12e72ccccf2021-12-21 12:20:35.943root 11241100x8000000000000000652981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61147c0f764be7fc2021-12-21 12:20:35.943root 11241100x8000000000000000652982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9d1396a0a27cb22021-12-21 12:20:35.944root 11241100x8000000000000000652983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f80cf5d0c5fb8042021-12-21 12:20:35.944root 11241100x8000000000000000652984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff93d3ecd79983d82021-12-21 12:20:35.944root 11241100x8000000000000000652985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c319f643fc5f8c2021-12-21 12:20:35.944root 11241100x8000000000000000652986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0d802003e117272021-12-21 12:20:35.944root 11241100x8000000000000000652987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41dd92c3879f42932021-12-21 12:20:35.944root 11241100x8000000000000000652988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab45b50b644b77bc2021-12-21 12:20:35.944root 11241100x8000000000000000652989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7b9b6e23d9c3d32021-12-21 12:20:35.944root 11241100x8000000000000000652990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca9fc5e29e410732021-12-21 12:20:35.944root 11241100x8000000000000000652991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912278accfd1d01a2021-12-21 12:20:35.944root 11241100x8000000000000000652992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a9f513bbd757482021-12-21 12:20:35.944root 11241100x8000000000000000652993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6377e73c186fcdad2021-12-21 12:20:35.944root 11241100x8000000000000000652994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb03bd18b2d38bbf2021-12-21 12:20:35.945root 11241100x8000000000000000652995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cd2f06b0737abd2021-12-21 12:20:35.945root 11241100x8000000000000000652996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e1ae87e631b7fc2021-12-21 12:20:35.945root 11241100x8000000000000000652997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c673d14e35cc31d82021-12-21 12:20:35.945root 11241100x8000000000000000652998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9ba0bbfecb7a902021-12-21 12:20:35.945root 11241100x8000000000000000652999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a94ddecc373ada32021-12-21 12:20:35.945root 11241100x8000000000000000653000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a74aa771e446e12021-12-21 12:20:35.945root 11241100x8000000000000000653001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8336f92689d052972021-12-21 12:20:35.946root 11241100x8000000000000000653002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:20:36.143root 11241100x8000000000000000653003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d0989a4af83b2e2021-12-21 12:20:36.443root 11241100x8000000000000000653004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fdb5b8838be7802021-12-21 12:20:36.443root 11241100x8000000000000000653005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a18940ee95f46fa2021-12-21 12:20:36.443root 11241100x8000000000000000653006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10466423494e7e2b2021-12-21 12:20:36.443root 11241100x8000000000000000653007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211abd73f28ab6622021-12-21 12:20:36.443root 11241100x8000000000000000653008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbfd06ff6b86bf42021-12-21 12:20:36.443root 11241100x8000000000000000653009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4001539f523a69a2021-12-21 12:20:36.444root 11241100x8000000000000000653010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872758d5f0d698d42021-12-21 12:20:36.444root 11241100x8000000000000000653011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b8592bf022cd272021-12-21 12:20:36.444root 11241100x8000000000000000653012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ab2328256edd512021-12-21 12:20:36.445root 11241100x8000000000000000653013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967a1acba247fb912021-12-21 12:20:36.445root 11241100x8000000000000000653014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e01dbc4208193f2021-12-21 12:20:36.445root 11241100x8000000000000000653015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a40d0fc8038085b2021-12-21 12:20:36.445root 11241100x8000000000000000653016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09e86cc623282012021-12-21 12:20:36.445root 11241100x8000000000000000653017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55bb3ccbcc345f12021-12-21 12:20:36.445root 11241100x8000000000000000653018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17464e32c7b6780d2021-12-21 12:20:36.446root 11241100x8000000000000000653019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f649752b7a3221292021-12-21 12:20:36.446root 11241100x8000000000000000653020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08879c739d959492021-12-21 12:20:36.446root 11241100x8000000000000000653021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fbaf88a71925bd2021-12-21 12:20:36.446root 11241100x8000000000000000653022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2522980fde9d742021-12-21 12:20:36.446root 11241100x8000000000000000653023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2521b6fcdb0a48b82021-12-21 12:20:36.447root 11241100x8000000000000000653024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcfe6f8d8a8dcd72021-12-21 12:20:36.447root 11241100x8000000000000000653025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad79753cf0aafd22021-12-21 12:20:36.447root 11241100x8000000000000000653026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362c69eed25e7a4f2021-12-21 12:20:36.943root 11241100x8000000000000000653027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d3c961373a16e72021-12-21 12:20:36.943root 11241100x8000000000000000653028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ad1480a5c75ef92021-12-21 12:20:36.943root 11241100x8000000000000000653029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b13dd97a721b1e2021-12-21 12:20:36.943root 11241100x8000000000000000653030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25d2c5b4ba729842021-12-21 12:20:36.943root 11241100x8000000000000000653031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb0c12005c77f9e2021-12-21 12:20:36.944root 11241100x8000000000000000653032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc96350fd0254e82021-12-21 12:20:36.944root 11241100x8000000000000000653033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae528006894c2ef62021-12-21 12:20:36.944root 11241100x8000000000000000653034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de1b2bace50ce222021-12-21 12:20:36.944root 11241100x8000000000000000653035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984767b44d1fa1982021-12-21 12:20:36.944root 11241100x8000000000000000653036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a04d578c6ea90b2021-12-21 12:20:36.944root 11241100x8000000000000000653037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41865f2bda1a40fc2021-12-21 12:20:36.944root 11241100x8000000000000000653038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971fd65407c8479c2021-12-21 12:20:36.944root 11241100x8000000000000000653039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5e5f7518071eb32021-12-21 12:20:36.944root 11241100x8000000000000000653040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1456b97216950ae2021-12-21 12:20:36.945root 11241100x8000000000000000653041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c33a01f5d8a3032021-12-21 12:20:36.946root 11241100x8000000000000000653042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97831a338d38f782021-12-21 12:20:36.946root 11241100x8000000000000000653043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923f2e97b9a72c8e2021-12-21 12:20:36.946root 11241100x8000000000000000653044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8c99fd2a76eb272021-12-21 12:20:36.946root 11241100x8000000000000000653045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d5c4ca715ca7a52021-12-21 12:20:36.946root 11241100x8000000000000000653046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4d8e6b1292cb952021-12-21 12:20:36.946root 11241100x8000000000000000653047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd3121400f3e3632021-12-21 12:20:36.947root 11241100x8000000000000000653048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692be05d8057ed522021-12-21 12:20:36.947root 11241100x8000000000000000653049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0295931aeac6c202021-12-21 12:20:36.947root 11241100x8000000000000000653050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57edd167adb400772021-12-21 12:20:36.947root 11241100x8000000000000000653051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8592f375c86496672021-12-21 12:20:36.947root 11241100x8000000000000000653052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b190537d46108ef72021-12-21 12:20:36.947root 11241100x8000000000000000653053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78359c8e53b81fe2021-12-21 12:20:36.947root 11241100x8000000000000000653054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff802875081bdc12021-12-21 12:20:36.948root 11241100x8000000000000000653055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685311960f7502aa2021-12-21 12:20:36.948root 11241100x8000000000000000653056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a705e9c0402d7d652021-12-21 12:20:36.948root 11241100x8000000000000000653057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:36.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bd9c8b45e500f12021-12-21 12:20:36.948root 354300x8000000000000000653058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.012{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49850-false10.0.1.12-8000- 11241100x8000000000000000653059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603c21926c5788fc2021-12-21 12:20:37.443root 11241100x8000000000000000653060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f198f908efd79852021-12-21 12:20:37.443root 11241100x8000000000000000653061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec1f2ceb32fef9f2021-12-21 12:20:37.443root 11241100x8000000000000000653062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08352cbed01518152021-12-21 12:20:37.443root 11241100x8000000000000000653063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfa4a2ef9fd963b2021-12-21 12:20:37.443root 11241100x8000000000000000653064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f456c8ed7598d6642021-12-21 12:20:37.443root 11241100x8000000000000000653065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023892e07165adde2021-12-21 12:20:37.443root 11241100x8000000000000000653066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb6844e0cc9b0e02021-12-21 12:20:37.443root 11241100x8000000000000000653067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c9b0e0d671afaa2021-12-21 12:20:37.444root 11241100x8000000000000000653068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45572d4f0ae707f62021-12-21 12:20:37.444root 11241100x8000000000000000653069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963ed1e26efceeef2021-12-21 12:20:37.444root 11241100x8000000000000000653070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c82a36e4d300712021-12-21 12:20:37.444root 11241100x8000000000000000653071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09b4174564874542021-12-21 12:20:37.444root 11241100x8000000000000000653072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360947ad940431962021-12-21 12:20:37.445root 11241100x8000000000000000653073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66b7b075e2611382021-12-21 12:20:37.445root 11241100x8000000000000000653074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645cde9c7d4b52e72021-12-21 12:20:37.445root 11241100x8000000000000000653075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31531fd8f50a3db72021-12-21 12:20:37.445root 11241100x8000000000000000653076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1379880ba20efdf2021-12-21 12:20:37.445root 11241100x8000000000000000653077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b913dfb5d713481f2021-12-21 12:20:37.445root 11241100x8000000000000000653078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9c865f0f7746572021-12-21 12:20:37.445root 11241100x8000000000000000653079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867716519bd299962021-12-21 12:20:37.445root 11241100x8000000000000000653080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475f7605500f24bf2021-12-21 12:20:37.445root 11241100x8000000000000000653081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d560652c72d679f2021-12-21 12:20:37.445root 11241100x8000000000000000653082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0991f982c7dd57502021-12-21 12:20:37.445root 11241100x8000000000000000653083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b0764e44b03d5d2021-12-21 12:20:37.445root 11241100x8000000000000000653084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afe209e35404e0e2021-12-21 12:20:37.943root 11241100x8000000000000000653085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0da62531b5bdbb2021-12-21 12:20:37.943root 11241100x8000000000000000653086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efbd89d40bb75a12021-12-21 12:20:37.943root 11241100x8000000000000000653087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ded068ba9e4d612021-12-21 12:20:37.943root 11241100x8000000000000000653088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbaf2ae4a3406972021-12-21 12:20:37.944root 11241100x8000000000000000653089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4451fe8e428e05212021-12-21 12:20:37.944root 11241100x8000000000000000653090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bb189cf57960ac2021-12-21 12:20:37.944root 11241100x8000000000000000653091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012fb48bb08c2e6f2021-12-21 12:20:37.944root 11241100x8000000000000000653092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b6d241913ab6242021-12-21 12:20:37.944root 11241100x8000000000000000653093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c935f551bd7c3af2021-12-21 12:20:37.944root 11241100x8000000000000000653094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb563d0a8a8281d92021-12-21 12:20:37.944root 11241100x8000000000000000653095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0337f7732277b6e52021-12-21 12:20:37.944root 11241100x8000000000000000653096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb536d22516a9c02021-12-21 12:20:37.944root 11241100x8000000000000000653097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c4c94a896f28762021-12-21 12:20:37.944root 11241100x8000000000000000653098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adeee734461ba9d62021-12-21 12:20:37.944root 11241100x8000000000000000653099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869fc0bb2404d8772021-12-21 12:20:37.944root 11241100x8000000000000000653100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2a80f9d405f6a02021-12-21 12:20:37.945root 11241100x8000000000000000653101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b6c1b7cbf13dc42021-12-21 12:20:37.945root 11241100x8000000000000000653102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea57fa72a5751ac62021-12-21 12:20:37.945root 11241100x8000000000000000653103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51af8ce055c6781f2021-12-21 12:20:37.945root 11241100x8000000000000000653104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58e6616501ad6522021-12-21 12:20:37.945root 11241100x8000000000000000653105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d1475587e1121b2021-12-21 12:20:37.945root 11241100x8000000000000000653106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f87c655169fdf0f2021-12-21 12:20:37.945root 11241100x8000000000000000653107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6401a7da23afe3742021-12-21 12:20:37.945root 11241100x8000000000000000653108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010f4cdcf16196c72021-12-21 12:20:38.443root 11241100x8000000000000000653109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ac11757d405c352021-12-21 12:20:38.443root 11241100x8000000000000000653110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d77ee0ff8da38a12021-12-21 12:20:38.444root 11241100x8000000000000000653111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a19b9018e9ccc32021-12-21 12:20:38.444root 11241100x8000000000000000653112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01871f41f72f8f632021-12-21 12:20:38.444root 11241100x8000000000000000653113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb37e3f803e4713c2021-12-21 12:20:38.444root 11241100x8000000000000000653114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ce2e88d34561632021-12-21 12:20:38.444root 11241100x8000000000000000653115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d2a1a8487914ab2021-12-21 12:20:38.444root 11241100x8000000000000000653116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e84935b915a0512021-12-21 12:20:38.444root 11241100x8000000000000000653117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101d5d1a97b3ba302021-12-21 12:20:38.444root 11241100x8000000000000000653118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fc51fe6e6cba532021-12-21 12:20:38.444root 11241100x8000000000000000653119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37208ff079b6e2b2021-12-21 12:20:38.444root 11241100x8000000000000000653120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1319111f7d58ece2021-12-21 12:20:38.445root 11241100x8000000000000000653121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abe3ff4d914aac62021-12-21 12:20:38.445root 11241100x8000000000000000653122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baae2ec09309d4c22021-12-21 12:20:38.445root 11241100x8000000000000000653123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f876cb819c37c12021-12-21 12:20:38.445root 11241100x8000000000000000653124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc38f4296a09d5792021-12-21 12:20:38.445root 11241100x8000000000000000653125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57833faefad5907d2021-12-21 12:20:38.445root 11241100x8000000000000000653126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe97a782f4a9b262021-12-21 12:20:38.445root 11241100x8000000000000000653127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9dd8cf2c6d66b12021-12-21 12:20:38.445root 11241100x8000000000000000653128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6937a0b556b53b2021-12-21 12:20:38.445root 11241100x8000000000000000653129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e11660b3a526b452021-12-21 12:20:38.445root 11241100x8000000000000000653130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f5515e172709d82021-12-21 12:20:38.445root 11241100x8000000000000000653131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03906b50c753105a2021-12-21 12:20:38.445root 11241100x8000000000000000653132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdda1d9d597cd2cc2021-12-21 12:20:38.943root 11241100x8000000000000000653133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8566a99266423d2021-12-21 12:20:38.943root 11241100x8000000000000000653134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a997cdf2ba281a0b2021-12-21 12:20:38.943root 11241100x8000000000000000653135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380f340837e48f892021-12-21 12:20:38.943root 11241100x8000000000000000653136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a61a980fa3e86a2021-12-21 12:20:38.944root 11241100x8000000000000000653137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7460029593739502021-12-21 12:20:38.944root 11241100x8000000000000000653138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5904d727d8dcdff92021-12-21 12:20:38.944root 11241100x8000000000000000653139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bffe056fc7bf2a32021-12-21 12:20:38.944root 11241100x8000000000000000653140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447acbb9101388932021-12-21 12:20:38.944root 11241100x8000000000000000653141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3f0f12dcca11af2021-12-21 12:20:38.944root 11241100x8000000000000000653142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5db1fdd74c22142021-12-21 12:20:38.944root 11241100x8000000000000000653143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e116cd4cb3775c62021-12-21 12:20:38.944root 11241100x8000000000000000653144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8bba47e9d1dcbaa2021-12-21 12:20:38.944root 11241100x8000000000000000653145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddcd91e977667952021-12-21 12:20:38.944root 11241100x8000000000000000653146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84f7b2615dfdb012021-12-21 12:20:38.944root 11241100x8000000000000000653147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedc667b3068b65e2021-12-21 12:20:38.944root 11241100x8000000000000000653148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2710486748fb9342021-12-21 12:20:38.944root 11241100x8000000000000000653149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037764bcb67c0a212021-12-21 12:20:38.944root 11241100x8000000000000000653150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff00e3be16dacd62021-12-21 12:20:38.944root 11241100x8000000000000000653151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12088e935a79f9032021-12-21 12:20:38.944root 11241100x8000000000000000653152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee112447c8ed7132021-12-21 12:20:38.945root 11241100x8000000000000000653153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366617d7169e5d132021-12-21 12:20:38.945root 11241100x8000000000000000653154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd69f7dbb1968922021-12-21 12:20:38.945root 11241100x8000000000000000653155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adc1829a63fad1f2021-12-21 12:20:38.945root 23542300x8000000000000000653156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.145{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000653157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac049ece7e2fb1ae2021-12-21 12:20:39.443root 11241100x8000000000000000653158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccef1545b267a9d2021-12-21 12:20:39.443root 11241100x8000000000000000653159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cab05a719a52fc2021-12-21 12:20:39.444root 11241100x8000000000000000653160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ae5bba2412b9172021-12-21 12:20:39.444root 11241100x8000000000000000653161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113abd8a320624f32021-12-21 12:20:39.444root 11241100x8000000000000000653162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f76c7c32bd616472021-12-21 12:20:39.444root 11241100x8000000000000000653163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfd6c6e00a03d712021-12-21 12:20:39.444root 11241100x8000000000000000653164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ddb94166b5670d2021-12-21 12:20:39.444root 11241100x8000000000000000653165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b1dc3b324e8e9d2021-12-21 12:20:39.444root 11241100x8000000000000000653166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9702db2f02f6057b2021-12-21 12:20:39.444root 11241100x8000000000000000653167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49423a92cf765bd22021-12-21 12:20:39.444root 11241100x8000000000000000653168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde95ba80bf7711a2021-12-21 12:20:39.444root 11241100x8000000000000000653169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfd932d82bf5a022021-12-21 12:20:39.444root 11241100x8000000000000000653170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6539ed4e566936032021-12-21 12:20:39.445root 11241100x8000000000000000653171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c92a5b7ad3920a2021-12-21 12:20:39.445root 11241100x8000000000000000653172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d24b036fb69fc42021-12-21 12:20:39.445root 11241100x8000000000000000653173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364534f0f7531ec72021-12-21 12:20:39.445root 11241100x8000000000000000653174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6c40cb0a3825202021-12-21 12:20:39.445root 11241100x8000000000000000653175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12589b064840c4a32021-12-21 12:20:39.445root 11241100x8000000000000000653176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144df6c247b0af5b2021-12-21 12:20:39.445root 11241100x8000000000000000653177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb1891b666a2def2021-12-21 12:20:39.445root 11241100x8000000000000000653178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345d7f5357672c352021-12-21 12:20:39.445root 11241100x8000000000000000653179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dff6e018559f5e2021-12-21 12:20:39.445root 11241100x8000000000000000653180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80987e351ad9ccb02021-12-21 12:20:39.445root 11241100x8000000000000000653181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8373de90c48e65d92021-12-21 12:20:39.445root 11241100x8000000000000000653182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2572ac99dc7e862021-12-21 12:20:39.943root 11241100x8000000000000000653183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e5f7304dc606402021-12-21 12:20:39.943root 11241100x8000000000000000653184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebe110ebf246f142021-12-21 12:20:39.943root 11241100x8000000000000000653185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe6dae25024863a2021-12-21 12:20:39.943root 11241100x8000000000000000653186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4489545cfb2d652021-12-21 12:20:39.944root 11241100x8000000000000000653187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee88940bba7f32e2021-12-21 12:20:39.944root 11241100x8000000000000000653188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dfbe09f25944aa2021-12-21 12:20:39.944root 11241100x8000000000000000653189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23256f87c3a3eb6b2021-12-21 12:20:39.944root 11241100x8000000000000000653190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ef19267e16c8f32021-12-21 12:20:39.944root 11241100x8000000000000000653191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b76bb79b2c6f6d72021-12-21 12:20:39.944root 11241100x8000000000000000653192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13152ce64faa3422021-12-21 12:20:39.944root 11241100x8000000000000000653193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef7a44cd5775a072021-12-21 12:20:39.944root 11241100x8000000000000000653194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b57e2a5a31d7cf12021-12-21 12:20:39.944root 11241100x8000000000000000653195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fc140d81a8f8f12021-12-21 12:20:39.944root 11241100x8000000000000000653196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194fe26ba0de32a32021-12-21 12:20:39.944root 11241100x8000000000000000653197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d961612b33df12e02021-12-21 12:20:39.944root 11241100x8000000000000000653198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cbd419cd76efe32021-12-21 12:20:39.944root 11241100x8000000000000000653199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff0ee49af9aaf5e2021-12-21 12:20:39.944root 11241100x8000000000000000653200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db1eafe9a0a7a2c2021-12-21 12:20:39.944root 11241100x8000000000000000653201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1308d6cb4135ed32021-12-21 12:20:39.944root 11241100x8000000000000000653202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96e0b1d88d207812021-12-21 12:20:39.945root 11241100x8000000000000000653203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d6e2a967809b2e2021-12-21 12:20:39.945root 11241100x8000000000000000653204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace9952f1f4589f12021-12-21 12:20:39.945root 11241100x8000000000000000653205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c221c8b1a94b3bc2021-12-21 12:20:39.945root 11241100x8000000000000000653206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d5f8ae15218a792021-12-21 12:20:39.945root 11241100x8000000000000000653207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9639716a72711e4d2021-12-21 12:20:39.945root 11241100x8000000000000000653208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a03277e7a5dcb0e2021-12-21 12:20:39.945root 11241100x8000000000000000653209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1176860fa6d51f482021-12-21 12:20:39.945root 11241100x8000000000000000653210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331089a490aed0ff2021-12-21 12:20:39.945root 11241100x8000000000000000653211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865391afa529b3022021-12-21 12:20:39.946root 11241100x8000000000000000653212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658ba5e50c72cbc22021-12-21 12:20:39.946root 11241100x8000000000000000653213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71e6d92b40404c62021-12-21 12:20:39.946root 11241100x8000000000000000653214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b00be419419d922021-12-21 12:20:39.946root 11241100x8000000000000000653215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125fb058febc258e2021-12-21 12:20:40.443root 11241100x8000000000000000653216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4ae521b11612322021-12-21 12:20:40.443root 11241100x8000000000000000653217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d58a9fcedca7b7e2021-12-21 12:20:40.443root 11241100x8000000000000000653218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2d87f359e088812021-12-21 12:20:40.443root 11241100x8000000000000000653219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211f6f107b13d1472021-12-21 12:20:40.443root 11241100x8000000000000000653220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d0b4c5d44366302021-12-21 12:20:40.443root 11241100x8000000000000000653221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d991488470edb402021-12-21 12:20:40.444root 11241100x8000000000000000653222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2538f5cb040801f42021-12-21 12:20:40.444root 11241100x8000000000000000653223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7315d3131d641efe2021-12-21 12:20:40.444root 11241100x8000000000000000653224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13e93c02ea1f0fe2021-12-21 12:20:40.444root 11241100x8000000000000000653225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0f18e7e5de74f62021-12-21 12:20:40.444root 11241100x8000000000000000653226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9b17908c9363e82021-12-21 12:20:40.444root 11241100x8000000000000000653227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca108a58220821782021-12-21 12:20:40.444root 11241100x8000000000000000653228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d44991ba2733a72021-12-21 12:20:40.444root 11241100x8000000000000000653229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7dac34e20f2a7d2021-12-21 12:20:40.445root 11241100x8000000000000000653230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48dfd72ca11bafb2021-12-21 12:20:40.445root 11241100x8000000000000000653231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c269ddfd3626862021-12-21 12:20:40.445root 11241100x8000000000000000653232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b94c3a32f0f24e2021-12-21 12:20:40.445root 11241100x8000000000000000653233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62aec45977e9f182021-12-21 12:20:40.445root 11241100x8000000000000000653234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5adb75bcbad5aa2021-12-21 12:20:40.445root 11241100x8000000000000000653235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866e8dbb9da53d5f2021-12-21 12:20:40.445root 11241100x8000000000000000653236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6553314bd3a50202021-12-21 12:20:40.445root 11241100x8000000000000000653237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0c318dffe8b0ec2021-12-21 12:20:40.446root 11241100x8000000000000000653238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11932e9159c0ba7f2021-12-21 12:20:40.446root 11241100x8000000000000000653239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d230a9b12da03ae02021-12-21 12:20:40.446root 11241100x8000000000000000653240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e408fece0ef05722021-12-21 12:20:40.942root 11241100x8000000000000000653241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d0d8fc03ae84d32021-12-21 12:20:40.943root 11241100x8000000000000000653242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3aef904fe84857f2021-12-21 12:20:40.943root 11241100x8000000000000000653243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc2028695af8e0d2021-12-21 12:20:40.943root 11241100x8000000000000000653244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b108ba4a29f6472021-12-21 12:20:40.943root 11241100x8000000000000000653245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b756acb4c4bdbbe22021-12-21 12:20:40.943root 11241100x8000000000000000653246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c2ee4f5b93559d2021-12-21 12:20:40.943root 11241100x8000000000000000653247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dfe94d1593d0522021-12-21 12:20:40.944root 11241100x8000000000000000653248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0906027accccf5c42021-12-21 12:20:40.944root 11241100x8000000000000000653249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ced77ccf9ac3e42021-12-21 12:20:40.944root 11241100x8000000000000000653250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9b670b4feffbbb2021-12-21 12:20:40.944root 11241100x8000000000000000653251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84027f70b4b16bb2021-12-21 12:20:40.944root 11241100x8000000000000000653252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24d8e83ca9feb3e2021-12-21 12:20:40.944root 11241100x8000000000000000653253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f5e3c9eaf08b7f2021-12-21 12:20:40.944root 11241100x8000000000000000653254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75024c7f1c390bc2021-12-21 12:20:40.945root 11241100x8000000000000000653255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4abfd70ec8561d72021-12-21 12:20:40.945root 11241100x8000000000000000653256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e422c55242027c2021-12-21 12:20:40.945root 11241100x8000000000000000653257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f4ba3be68b55762021-12-21 12:20:40.945root 11241100x8000000000000000653258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3f3da4e60d575b2021-12-21 12:20:40.945root 11241100x8000000000000000653259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a622ee25c25afe4c2021-12-21 12:20:40.945root 11241100x8000000000000000653260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a00550b5c9a17a2021-12-21 12:20:40.946root 11241100x8000000000000000653261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d459becf3d6a1752021-12-21 12:20:40.946root 11241100x8000000000000000653262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e90d233a93f9e4d2021-12-21 12:20:40.946root 11241100x8000000000000000653263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2673a6417b6af7aa2021-12-21 12:20:40.946root 11241100x8000000000000000653264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9c0956552deba92021-12-21 12:20:40.946root 11241100x8000000000000000653265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6109add94a3337652021-12-21 12:20:40.947root 11241100x8000000000000000653266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55eb8a78491b8f772021-12-21 12:20:40.947root 11241100x8000000000000000653267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a3551b0eb5e9302021-12-21 12:20:40.947root 11241100x8000000000000000653268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afcb44d83e4067b2021-12-21 12:20:41.443root 11241100x8000000000000000653269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db258c443e1015282021-12-21 12:20:41.443root 11241100x8000000000000000653270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e73b0ad681b68eb2021-12-21 12:20:41.443root 11241100x8000000000000000653271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c3db2f8f83374d2021-12-21 12:20:41.444root 11241100x8000000000000000653272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fede5d0711a192962021-12-21 12:20:41.444root 11241100x8000000000000000653273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba37133aab7b05d2021-12-21 12:20:41.444root 11241100x8000000000000000653274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314227cff60551942021-12-21 12:20:41.444root 11241100x8000000000000000653275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555e1dc39ca08fed2021-12-21 12:20:41.444root 11241100x8000000000000000653276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871ce00456143af02021-12-21 12:20:41.444root 11241100x8000000000000000653277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842e4ccc83e344392021-12-21 12:20:41.445root 11241100x8000000000000000653278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8cf1b381b7a90c2021-12-21 12:20:41.445root 11241100x8000000000000000653279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124f57eda66603442021-12-21 12:20:41.445root 11241100x8000000000000000653280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103133696e0c34292021-12-21 12:20:41.445root 11241100x8000000000000000653281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461507844e12eb242021-12-21 12:20:41.445root 11241100x8000000000000000653282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a7b705af3d172e2021-12-21 12:20:41.445root 11241100x8000000000000000653283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3027fa7814ed1dee2021-12-21 12:20:41.445root 11241100x8000000000000000653284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b79c751362483d62021-12-21 12:20:41.445root 11241100x8000000000000000653285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d00c76b6993a332021-12-21 12:20:41.446root 11241100x8000000000000000653286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3b19cb778a59282021-12-21 12:20:41.446root 11241100x8000000000000000653287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d67fe9ec99874932021-12-21 12:20:41.446root 11241100x8000000000000000653288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a574da528d2ce262021-12-21 12:20:41.446root 11241100x8000000000000000653289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0823a3d3e483b6702021-12-21 12:20:41.446root 11241100x8000000000000000653290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762e36ee2fc714f82021-12-21 12:20:41.447root 11241100x8000000000000000653291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1895589e9f6986162021-12-21 12:20:41.447root 11241100x8000000000000000653292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bac372900118e492021-12-21 12:20:41.447root 11241100x8000000000000000653293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25930b11c33200852021-12-21 12:20:41.942root 11241100x8000000000000000653294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1819ee38d5af972021-12-21 12:20:41.943root 11241100x8000000000000000653295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656278aafdcfbc592021-12-21 12:20:41.943root 11241100x8000000000000000653296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eada75a8d5e1192021-12-21 12:20:41.943root 11241100x8000000000000000653297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f008dcd52917b10c2021-12-21 12:20:41.943root 11241100x8000000000000000653298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b64ae6b05f42da2021-12-21 12:20:41.944root 11241100x8000000000000000653299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70058792e1b7ef92021-12-21 12:20:41.944root 11241100x8000000000000000653300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4074c09c9e36c3f92021-12-21 12:20:41.944root 11241100x8000000000000000653301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc195f8f54212f32021-12-21 12:20:41.944root 11241100x8000000000000000653302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a7e75803bb1f6b2021-12-21 12:20:41.944root 11241100x8000000000000000653303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e301cbad05591d2b2021-12-21 12:20:41.944root 11241100x8000000000000000653304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567dd031c2afd2a32021-12-21 12:20:41.944root 11241100x8000000000000000653305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d56e471b62a8f12021-12-21 12:20:41.945root 11241100x8000000000000000653306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4899692b2d450012021-12-21 12:20:41.945root 11241100x8000000000000000653307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f406f150cd7f692021-12-21 12:20:41.945root 11241100x8000000000000000653308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fe9f25e72dbc0c2021-12-21 12:20:41.945root 11241100x8000000000000000653309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e20d65889e0b892021-12-21 12:20:41.945root 11241100x8000000000000000653310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f396f713ca7ba5d2021-12-21 12:20:41.945root 11241100x8000000000000000653311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f875f6173d1cb4b2021-12-21 12:20:41.945root 11241100x8000000000000000653312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94288640ec7e2f12021-12-21 12:20:41.945root 11241100x8000000000000000653313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56bb81f71a1e3632021-12-21 12:20:41.946root 11241100x8000000000000000653314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7d066209672d2f2021-12-21 12:20:41.946root 11241100x8000000000000000653315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb6edbc41ab73662021-12-21 12:20:41.946root 11241100x8000000000000000653316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97cd9b10ccf1bc42021-12-21 12:20:41.946root 11241100x8000000000000000653317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18055fca4ccf91632021-12-21 12:20:41.946root 11241100x8000000000000000653318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a03721822398102021-12-21 12:20:41.947root 354300x8000000000000000653319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.100{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49852-false10.0.1.12-8000- 11241100x8000000000000000653320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfc4542f450eef62021-12-21 12:20:42.443root 11241100x8000000000000000653321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d3c117d1aba64d2021-12-21 12:20:42.443root 11241100x8000000000000000653322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c06532242bcf2d02021-12-21 12:20:42.443root 11241100x8000000000000000653323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886243acd6cae6b92021-12-21 12:20:42.443root 11241100x8000000000000000653324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8963e59c0d2a76c92021-12-21 12:20:42.444root 11241100x8000000000000000653325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b532e697bf5daebf2021-12-21 12:20:42.444root 11241100x8000000000000000653326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a008b99862296b2021-12-21 12:20:42.444root 11241100x8000000000000000653327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3984d6b20dd76ed22021-12-21 12:20:42.444root 11241100x8000000000000000653328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c807b390af06de2021-12-21 12:20:42.444root 11241100x8000000000000000653329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d632a291e9e97bb2021-12-21 12:20:42.444root 11241100x8000000000000000653330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0c5864422b3ef12021-12-21 12:20:42.444root 11241100x8000000000000000653331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76744b1683ebc5f2021-12-21 12:20:42.444root 11241100x8000000000000000653332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a774aef80efbb8c2021-12-21 12:20:42.444root 11241100x8000000000000000653333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4125b3344c297fc2021-12-21 12:20:42.444root 11241100x8000000000000000653334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01072e61b77a524a2021-12-21 12:20:42.444root 11241100x8000000000000000653335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468c662ff7d7f05c2021-12-21 12:20:42.444root 11241100x8000000000000000653336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abf74ee233996a92021-12-21 12:20:42.445root 11241100x8000000000000000653337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9f21486c40d0ec2021-12-21 12:20:42.445root 11241100x8000000000000000653338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23516c91bdb63dd12021-12-21 12:20:42.445root 11241100x8000000000000000653339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5613625f84d0770a2021-12-21 12:20:42.445root 11241100x8000000000000000653340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4d695c186e11192021-12-21 12:20:42.445root 11241100x8000000000000000653341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfd8ad20be666ee2021-12-21 12:20:42.445root 11241100x8000000000000000653342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f08f0e5249ed712021-12-21 12:20:42.445root 11241100x8000000000000000653343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56c41d6b31f5bcb2021-12-21 12:20:42.446root 11241100x8000000000000000653344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d597e49e1e5eb792021-12-21 12:20:42.447root 11241100x8000000000000000653345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d6e600d7376f5a2021-12-21 12:20:42.447root 11241100x8000000000000000653346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf84562b46e368a62021-12-21 12:20:42.943root 11241100x8000000000000000653347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9c9952c122d6912021-12-21 12:20:42.943root 11241100x8000000000000000653348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb213affe66f64f2021-12-21 12:20:42.944root 11241100x8000000000000000653349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc20a28a38eb7d612021-12-21 12:20:42.944root 11241100x8000000000000000653350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1facbc0d518b322021-12-21 12:20:42.944root 11241100x8000000000000000653351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ff084d498b531a2021-12-21 12:20:42.945root 11241100x8000000000000000653352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad39a49a5099c1882021-12-21 12:20:42.945root 11241100x8000000000000000653353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609fed8a5695acad2021-12-21 12:20:42.945root 11241100x8000000000000000653354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a91e4845ee471f2021-12-21 12:20:42.945root 11241100x8000000000000000653355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37321109cbc3e492021-12-21 12:20:42.945root 11241100x8000000000000000653356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1e1d5b31cd81612021-12-21 12:20:42.945root 11241100x8000000000000000653357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5996b510a7e9252021-12-21 12:20:42.946root 11241100x8000000000000000653358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf713b495cac3b32021-12-21 12:20:42.946root 11241100x8000000000000000653359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a6757457de8b572021-12-21 12:20:42.946root 11241100x8000000000000000653360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0e6dc94f8ff9f62021-12-21 12:20:42.946root 11241100x8000000000000000653361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35a69ae1dc177932021-12-21 12:20:42.947root 11241100x8000000000000000653362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb58454ca43a53c2021-12-21 12:20:42.947root 11241100x8000000000000000653363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0badc3bfbb6fe402021-12-21 12:20:42.947root 11241100x8000000000000000653364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856dec689eb40a662021-12-21 12:20:42.947root 11241100x8000000000000000653365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fc331124146fad2021-12-21 12:20:42.947root 11241100x8000000000000000653366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca1ec97673680772021-12-21 12:20:42.947root 11241100x8000000000000000653367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eb0a607bdc03b82021-12-21 12:20:42.947root 11241100x8000000000000000653368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977d32bbd97b88a02021-12-21 12:20:42.947root 11241100x8000000000000000653369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d618adc5826c902021-12-21 12:20:42.947root 11241100x8000000000000000653370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915d82404261655d2021-12-21 12:20:42.948root 11241100x8000000000000000653371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eaa8cee1b8f8dde2021-12-21 12:20:42.948root 11241100x8000000000000000653372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32dabdf61952b8082021-12-21 12:20:42.948root 11241100x8000000000000000653373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50a063259ddb3292021-12-21 12:20:43.443root 11241100x8000000000000000653374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ca3e98a1c0a1a32021-12-21 12:20:43.443root 11241100x8000000000000000653375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c35eed209b66a32021-12-21 12:20:43.443root 11241100x8000000000000000653376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04fea2c425714212021-12-21 12:20:43.444root 11241100x8000000000000000653377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12e3fd7c3f8586c2021-12-21 12:20:43.444root 11241100x8000000000000000653378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154fe5be1145e33b2021-12-21 12:20:43.444root 11241100x8000000000000000653379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba3abedd899a03f2021-12-21 12:20:43.445root 11241100x8000000000000000653380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f74c85dcba91352021-12-21 12:20:43.445root 11241100x8000000000000000653381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9caba15c8c97732021-12-21 12:20:43.445root 11241100x8000000000000000653382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c00bdf7f0538ef42021-12-21 12:20:43.445root 11241100x8000000000000000653383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfcb941a321304c2021-12-21 12:20:43.445root 11241100x8000000000000000653384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62e88f8eb60b1bc2021-12-21 12:20:43.445root 11241100x8000000000000000653385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f61c615f4f6bcfd2021-12-21 12:20:43.445root 11241100x8000000000000000653386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d026eda3f610f2a12021-12-21 12:20:43.445root 11241100x8000000000000000653387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cdaaa9eecf7c312021-12-21 12:20:43.447root 11241100x8000000000000000653388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d827cef5435adbdd2021-12-21 12:20:43.447root 11241100x8000000000000000653389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb34ddae7d0828952021-12-21 12:20:43.447root 11241100x8000000000000000653390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6347266fc5c614d02021-12-21 12:20:43.447root 11241100x8000000000000000653391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd700a25055436f2021-12-21 12:20:43.448root 11241100x8000000000000000653392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94083f14be887f022021-12-21 12:20:43.448root 11241100x8000000000000000653393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe6160dd10e2d9f2021-12-21 12:20:43.448root 11241100x8000000000000000653394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c4d4830626a7bb2021-12-21 12:20:43.448root 11241100x8000000000000000653395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac69c31d29a4f69a2021-12-21 12:20:43.448root 11241100x8000000000000000653396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260f0e6570964f302021-12-21 12:20:43.448root 11241100x8000000000000000653397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dfb3a6565f5e0f2021-12-21 12:20:43.448root 11241100x8000000000000000653398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5fffcaf485c4e12021-12-21 12:20:43.448root 11241100x8000000000000000653399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a397f3d259512372021-12-21 12:20:43.943root 11241100x8000000000000000653400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6aae86b83b88cc52021-12-21 12:20:43.943root 11241100x8000000000000000653401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16aecb0b3a2cfcac2021-12-21 12:20:43.943root 11241100x8000000000000000653402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37d0556ba8494db2021-12-21 12:20:43.943root 11241100x8000000000000000653403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0ec4ef4408abc52021-12-21 12:20:43.944root 11241100x8000000000000000653404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f0639fb09bfd152021-12-21 12:20:43.944root 11241100x8000000000000000653405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d8299eaedbce672021-12-21 12:20:43.944root 11241100x8000000000000000653406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57328ec48f9a8222021-12-21 12:20:43.944root 11241100x8000000000000000653407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafa2bcd21c81d212021-12-21 12:20:43.944root 11241100x8000000000000000653408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227b9e78cff2c1842021-12-21 12:20:43.944root 11241100x8000000000000000653409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0f8ab83ac99bcb2021-12-21 12:20:43.944root 11241100x8000000000000000653410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d732b7bd72c4c52021-12-21 12:20:43.944root 11241100x8000000000000000653411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25cd42f145f06932021-12-21 12:20:43.944root 11241100x8000000000000000653412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3d20b4889242672021-12-21 12:20:43.944root 11241100x8000000000000000653413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac9581fda042f492021-12-21 12:20:43.944root 11241100x8000000000000000653414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f43c00e3aa054a42021-12-21 12:20:43.944root 11241100x8000000000000000653415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97122d1a7ba393b2021-12-21 12:20:43.944root 11241100x8000000000000000653416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e67e80ed5a9d4d2021-12-21 12:20:43.945root 11241100x8000000000000000653417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cebf0d0ee5f6fa2021-12-21 12:20:43.945root 11241100x8000000000000000653418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88d760318d68abe2021-12-21 12:20:43.945root 11241100x8000000000000000653419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad637e0e51827522021-12-21 12:20:43.945root 11241100x8000000000000000653420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9578b435c7e36e372021-12-21 12:20:43.945root 11241100x8000000000000000653421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61bb6508fa6318c2021-12-21 12:20:43.945root 11241100x8000000000000000653422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7779b96193a605012021-12-21 12:20:43.945root 11241100x8000000000000000653423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb6e65fe1b3f2282021-12-21 12:20:43.945root 11241100x8000000000000000653424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64290693dc1ceb82021-12-21 12:20:43.945root 11241100x8000000000000000653425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c45275c66b0ae6e2021-12-21 12:20:44.443root 11241100x8000000000000000653426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cff70fc0699a3b72021-12-21 12:20:44.443root 11241100x8000000000000000653427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43b100b1d66303d2021-12-21 12:20:44.443root 11241100x8000000000000000653428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18827559e92bb61c2021-12-21 12:20:44.443root 11241100x8000000000000000653429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810297d304d68cc12021-12-21 12:20:44.443root 11241100x8000000000000000653430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898d3485b25d91742021-12-21 12:20:44.443root 11241100x8000000000000000653431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a80c47766d254c92021-12-21 12:20:44.443root 11241100x8000000000000000653432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1254fb718b624d2021-12-21 12:20:44.443root 11241100x8000000000000000653433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52c687da10ed4c22021-12-21 12:20:44.443root 11241100x8000000000000000653434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c940fc65e08693d2021-12-21 12:20:44.444root 11241100x8000000000000000653435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6439a43fa5a807d2021-12-21 12:20:44.444root 11241100x8000000000000000653436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31117738e60a2fb62021-12-21 12:20:44.444root 11241100x8000000000000000653437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62030379211ebb542021-12-21 12:20:44.444root 11241100x8000000000000000653438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c811baf8c78e6502021-12-21 12:20:44.444root 11241100x8000000000000000653439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17006eb8d2cba29c2021-12-21 12:20:44.444root 11241100x8000000000000000653440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b8c738b3ed21982021-12-21 12:20:44.444root 11241100x8000000000000000653441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9583fdb6e8aa0972021-12-21 12:20:44.444root 11241100x8000000000000000653442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6601158a2f2e6eb2021-12-21 12:20:44.444root 11241100x8000000000000000653443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66296fbdc03d0acb2021-12-21 12:20:44.444root 11241100x8000000000000000653444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf8016867a52d4b2021-12-21 12:20:44.444root 11241100x8000000000000000653445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b538d253ed6b272021-12-21 12:20:44.445root 11241100x8000000000000000653446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d83b7d1220cf8122021-12-21 12:20:44.445root 11241100x8000000000000000653447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ecda272635e4792021-12-21 12:20:44.445root 11241100x8000000000000000653448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23805b71e4ce02c52021-12-21 12:20:44.445root 11241100x8000000000000000653449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abd0d8b606193a12021-12-21 12:20:44.445root 11241100x8000000000000000653450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c41a8f8a30cf702021-12-21 12:20:44.445root 11241100x8000000000000000653451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07208b4f1666eed2021-12-21 12:20:44.445root 11241100x8000000000000000653452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198cc063ff788d972021-12-21 12:20:44.943root 11241100x8000000000000000653453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57429faf68fa315b2021-12-21 12:20:44.943root 11241100x8000000000000000653454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0961ce1f3e42ee2021-12-21 12:20:44.943root 11241100x8000000000000000653455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f10ffe18dc117a2021-12-21 12:20:44.943root 11241100x8000000000000000653456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f09e05ef22761ff2021-12-21 12:20:44.943root 11241100x8000000000000000653457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f013848d6c234d662021-12-21 12:20:44.943root 11241100x8000000000000000653458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2712b77075e24f802021-12-21 12:20:44.943root 11241100x8000000000000000653459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b91023108f84b612021-12-21 12:20:44.943root 11241100x8000000000000000653460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7ac175246532352021-12-21 12:20:44.943root 11241100x8000000000000000653461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0e8321597856742021-12-21 12:20:44.944root 11241100x8000000000000000653462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf7ac48448cf37c2021-12-21 12:20:44.944root 11241100x8000000000000000653463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581f800f2bd2df5f2021-12-21 12:20:44.944root 11241100x8000000000000000653464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899275b2616f70d92021-12-21 12:20:44.944root 11241100x8000000000000000653465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523f32cbaf19d1e22021-12-21 12:20:44.944root 11241100x8000000000000000653466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4405c533e2148172021-12-21 12:20:44.944root 11241100x8000000000000000653467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70a2a512df3909a2021-12-21 12:20:44.944root 11241100x8000000000000000653468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de545e9ee3af5fc22021-12-21 12:20:44.944root 11241100x8000000000000000653469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa92c97119715fc2021-12-21 12:20:44.944root 11241100x8000000000000000653470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941fe621f0a4724f2021-12-21 12:20:44.944root 11241100x8000000000000000653471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddca2fbfb77c69a92021-12-21 12:20:44.944root 11241100x8000000000000000653472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da5fb4a01baa4772021-12-21 12:20:44.944root 11241100x8000000000000000653473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d50d8af0db00d7a2021-12-21 12:20:44.944root 11241100x8000000000000000653474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3d99d575b844e42021-12-21 12:20:44.944root 11241100x8000000000000000653475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a22144f904a50e2021-12-21 12:20:44.945root 11241100x8000000000000000653476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776043c1ae1eb6232021-12-21 12:20:44.945root 11241100x8000000000000000653477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81019d461f31dcb62021-12-21 12:20:44.945root 11241100x8000000000000000653478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcfaf306c4dbdcc2021-12-21 12:20:45.443root 11241100x8000000000000000653479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706d217dd73654ca2021-12-21 12:20:45.443root 11241100x8000000000000000653480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c03e92e6f27bc02021-12-21 12:20:45.443root 11241100x8000000000000000653481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44e043e16778d7e2021-12-21 12:20:45.443root 11241100x8000000000000000653482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caa76f62f74aedd2021-12-21 12:20:45.443root 11241100x8000000000000000653483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa7972176b1155c2021-12-21 12:20:45.443root 11241100x8000000000000000653484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b494f446a9cffc2021-12-21 12:20:45.444root 11241100x8000000000000000653485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94c2d1ffbbe24ac2021-12-21 12:20:45.444root 11241100x8000000000000000653486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d5da7516db002f2021-12-21 12:20:45.444root 11241100x8000000000000000653487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7f76e158375f882021-12-21 12:20:45.444root 11241100x8000000000000000653488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500cde953493bb962021-12-21 12:20:45.444root 11241100x8000000000000000653489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879614e288c0b90b2021-12-21 12:20:45.444root 11241100x8000000000000000653490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e00f1303b842e672021-12-21 12:20:45.444root 11241100x8000000000000000653491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2105fe3c02d7653b2021-12-21 12:20:45.444root 11241100x8000000000000000653492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4109801243e8c8dd2021-12-21 12:20:45.444root 11241100x8000000000000000653493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b36b4d8524f51e2021-12-21 12:20:45.444root 11241100x8000000000000000653494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e76a4711b6838212021-12-21 12:20:45.445root 11241100x8000000000000000653495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a088557f38abff7f2021-12-21 12:20:45.445root 11241100x8000000000000000653496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688507bc323b14fd2021-12-21 12:20:45.445root 11241100x8000000000000000653497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf60cba87dc7fa42021-12-21 12:20:45.445root 11241100x8000000000000000653498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb56ca54120a03b32021-12-21 12:20:45.445root 11241100x8000000000000000653499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730f535ba34cf5492021-12-21 12:20:45.445root 11241100x8000000000000000653500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48952ce3643139d2021-12-21 12:20:45.445root 11241100x8000000000000000653501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6184cd277d50c3a52021-12-21 12:20:45.445root 11241100x8000000000000000653502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7085ba77fb2d658a2021-12-21 12:20:45.445root 11241100x8000000000000000653503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956576369ae0c8dc2021-12-21 12:20:45.445root 11241100x8000000000000000653504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dff018def0b7d32021-12-21 12:20:45.943root 11241100x8000000000000000653505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfff005a29ef98db2021-12-21 12:20:45.943root 11241100x8000000000000000653506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1b050d947962372021-12-21 12:20:45.943root 11241100x8000000000000000653507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd423afbcdf5ae732021-12-21 12:20:45.943root 11241100x8000000000000000653508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0b144879ea91552021-12-21 12:20:45.943root 11241100x8000000000000000653509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b1d16b7c5e7cfa2021-12-21 12:20:45.944root 11241100x8000000000000000653510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9397c6d63351bf3b2021-12-21 12:20:45.944root 11241100x8000000000000000653511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea09ff7ebba8aef2021-12-21 12:20:45.944root 11241100x8000000000000000653512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50036f24563bb9e2021-12-21 12:20:45.944root 11241100x8000000000000000653513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436db6465ae759a52021-12-21 12:20:45.944root 11241100x8000000000000000653514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09c10a8a0a03eb32021-12-21 12:20:45.944root 11241100x8000000000000000653515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490ce0002dbdc1dc2021-12-21 12:20:45.944root 11241100x8000000000000000653516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8f260a1eeadf222021-12-21 12:20:45.944root 11241100x8000000000000000653517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5940f8de8b9d63232021-12-21 12:20:45.944root 11241100x8000000000000000653518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2015f9bba2fe3dcb2021-12-21 12:20:45.944root 11241100x8000000000000000653519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51538e3057f74a632021-12-21 12:20:45.944root 11241100x8000000000000000653520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0050ef7de89bebdc2021-12-21 12:20:45.945root 11241100x8000000000000000653521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738b0d6359da26bc2021-12-21 12:20:45.945root 11241100x8000000000000000653522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013b4e364e5cf79b2021-12-21 12:20:45.945root 11241100x8000000000000000653523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99812ea22d631b42021-12-21 12:20:45.945root 11241100x8000000000000000653524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ee79d6e1434dc92021-12-21 12:20:45.945root 11241100x8000000000000000653525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b9e5e3743a8ebc2021-12-21 12:20:45.945root 11241100x8000000000000000653526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0d92f4eb22bbe72021-12-21 12:20:45.945root 11241100x8000000000000000653527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d585b8ca64eee6b32021-12-21 12:20:45.945root 11241100x8000000000000000653528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137d589fbf0370e52021-12-21 12:20:45.946root 11241100x8000000000000000653529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f4a6bb7d2988b92021-12-21 12:20:45.946root 11241100x8000000000000000653530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b275a3b137ff77d92021-12-21 12:20:45.946root 11241100x8000000000000000653531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212b3591e48809072021-12-21 12:20:45.947root 11241100x8000000000000000653532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fac205786e9e5a32021-12-21 12:20:45.947root 11241100x8000000000000000653533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac27c9b3dbeffbc2021-12-21 12:20:45.947root 11241100x8000000000000000653534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867e84c62ca4cade2021-12-21 12:20:45.947root 11241100x8000000000000000653535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4362063b272776d2021-12-21 12:20:45.947root 11241100x8000000000000000653536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5886cf594e05fae52021-12-21 12:20:46.443root 11241100x8000000000000000653537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce064402febd19e22021-12-21 12:20:46.443root 11241100x8000000000000000653538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8f2ed79c896b802021-12-21 12:20:46.444root 11241100x8000000000000000653539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae8f6bc693833b12021-12-21 12:20:46.444root 11241100x8000000000000000653540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48682b3411433f402021-12-21 12:20:46.444root 11241100x8000000000000000653541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643c3ebad09d313a2021-12-21 12:20:46.445root 11241100x8000000000000000653542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1618cfc264c97d12021-12-21 12:20:46.445root 11241100x8000000000000000653543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f3becd54527b772021-12-21 12:20:46.445root 11241100x8000000000000000653544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306998c0d58440dc2021-12-21 12:20:46.445root 11241100x8000000000000000653545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360f7716057aeee32021-12-21 12:20:46.445root 11241100x8000000000000000653546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5407be8420ae2e9f2021-12-21 12:20:46.445root 11241100x8000000000000000653547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630d7754ac9bdd192021-12-21 12:20:46.445root 11241100x8000000000000000653548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1c6190bed5821b2021-12-21 12:20:46.445root 11241100x8000000000000000653549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1001174d785a3d052021-12-21 12:20:46.446root 11241100x8000000000000000653550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97c94e02e5cf0022021-12-21 12:20:46.446root 11241100x8000000000000000653551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ee59a3904e5a602021-12-21 12:20:46.446root 11241100x8000000000000000653552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87076432c879192a2021-12-21 12:20:46.446root 11241100x8000000000000000653553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527da65f6a86acb82021-12-21 12:20:46.446root 11241100x8000000000000000653554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5784da671788ea2021-12-21 12:20:46.446root 11241100x8000000000000000653555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9835e158ef6e33d2021-12-21 12:20:46.446root 11241100x8000000000000000653556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0172cfdf289a532021-12-21 12:20:46.446root 11241100x8000000000000000653557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2884e6603d6403192021-12-21 12:20:46.446root 11241100x8000000000000000653558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fcbb2cead00db82021-12-21 12:20:46.446root 11241100x8000000000000000653559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8192285fa91be7dd2021-12-21 12:20:46.446root 11241100x8000000000000000653560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b5cf1b762ed18b2021-12-21 12:20:46.446root 11241100x8000000000000000653561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970820f47dd508962021-12-21 12:20:46.446root 11241100x8000000000000000653562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b259d6d597d38f72021-12-21 12:20:46.446root 11241100x8000000000000000653563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1448b74d8be7e0852021-12-21 12:20:46.446root 11241100x8000000000000000653564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fcd80b6d4c3cc12021-12-21 12:20:46.943root 11241100x8000000000000000653565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22d188544f597262021-12-21 12:20:46.943root 11241100x8000000000000000653566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891a45bd508db6ad2021-12-21 12:20:46.943root 11241100x8000000000000000653567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2b8a3de943e51b2021-12-21 12:20:46.943root 11241100x8000000000000000653568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7585910ddfc80bd82021-12-21 12:20:46.943root 11241100x8000000000000000653569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8569f29e3715402021-12-21 12:20:46.944root 11241100x8000000000000000653570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941fce6ccfcba51b2021-12-21 12:20:46.944root 11241100x8000000000000000653571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c7766a3908cc3f2021-12-21 12:20:46.944root 11241100x8000000000000000653572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24beb0ae16f5ac52021-12-21 12:20:46.944root 11241100x8000000000000000653573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995b3f129438114c2021-12-21 12:20:46.944root 11241100x8000000000000000653574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bac895e18f2be652021-12-21 12:20:46.944root 11241100x8000000000000000653575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123256d46ff459bf2021-12-21 12:20:46.944root 11241100x8000000000000000653576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3bb4d7a4d4b80c2021-12-21 12:20:46.945root 11241100x8000000000000000653577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e91aca251391b32021-12-21 12:20:46.945root 11241100x8000000000000000653578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a015efa9775c25f2021-12-21 12:20:46.945root 11241100x8000000000000000653579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d24eaa3ef80a4752021-12-21 12:20:46.945root 11241100x8000000000000000653580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be9f8bb5e75974f2021-12-21 12:20:46.945root 11241100x8000000000000000653581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc1d538dc0463362021-12-21 12:20:46.945root 11241100x8000000000000000653582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8206d0025a410832021-12-21 12:20:46.946root 11241100x8000000000000000653583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f8cd27aa78a7562021-12-21 12:20:46.946root 11241100x8000000000000000653584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca0d03fc8132f072021-12-21 12:20:46.946root 11241100x8000000000000000653585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d928e720fd8acd82021-12-21 12:20:46.946root 11241100x8000000000000000653586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f082f73ea58ffe502021-12-21 12:20:46.946root 11241100x8000000000000000653587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585e6cecd96112fd2021-12-21 12:20:46.946root 11241100x8000000000000000653588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c885df0ba2f6677f2021-12-21 12:20:46.946root 11241100x8000000000000000653589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5c8dcaf6f6528e2021-12-21 12:20:46.947root 11241100x8000000000000000653590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcbbc5529fc63232021-12-21 12:20:46.947root 11241100x8000000000000000653591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37b5bba79f23a552021-12-21 12:20:46.947root 11241100x8000000000000000653592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afea37a00966b1ce2021-12-21 12:20:46.947root 11241100x8000000000000000653593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb1a50b6d74bf362021-12-21 12:20:46.947root 11241100x8000000000000000653594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3674ca1773faf582021-12-21 12:20:46.947root 11241100x8000000000000000653595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea57b458e580d9f2021-12-21 12:20:47.443root 11241100x8000000000000000653596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22453a072af8f40b2021-12-21 12:20:47.443root 11241100x8000000000000000653597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f4cf42e056172b2021-12-21 12:20:47.443root 11241100x8000000000000000653598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3667bbcada95a032021-12-21 12:20:47.443root 11241100x8000000000000000653599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd11d730c33484c22021-12-21 12:20:47.443root 11241100x8000000000000000653600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89455c3e00b121b2021-12-21 12:20:47.444root 11241100x8000000000000000653601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5c2fce894ca3892021-12-21 12:20:47.444root 11241100x8000000000000000653602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81e07ea21e3757f2021-12-21 12:20:47.444root 11241100x8000000000000000653603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ee2126e3eebecb2021-12-21 12:20:47.444root 11241100x8000000000000000653604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61194f9c685939a2021-12-21 12:20:47.444root 11241100x8000000000000000653605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31eee0092de72b122021-12-21 12:20:47.445root 11241100x8000000000000000653606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4d372e5d81c1922021-12-21 12:20:47.445root 11241100x8000000000000000653607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2580ae57eb44a822021-12-21 12:20:47.445root 11241100x8000000000000000653608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839f5012e4af0cac2021-12-21 12:20:47.445root 11241100x8000000000000000653609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656da1a4354261262021-12-21 12:20:47.445root 11241100x8000000000000000653610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c33f2f8c552bc92021-12-21 12:20:47.445root 11241100x8000000000000000653611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637e12ad5a480dfb2021-12-21 12:20:47.445root 11241100x8000000000000000653612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99808561bf16798b2021-12-21 12:20:47.445root 11241100x8000000000000000653613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e4c656d1eddeb12021-12-21 12:20:47.445root 11241100x8000000000000000653614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2aae673acbd89072021-12-21 12:20:47.445root 11241100x8000000000000000653615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2235770a99129f3e2021-12-21 12:20:47.446root 11241100x8000000000000000653616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ff61bcc9e3ab442021-12-21 12:20:47.446root 11241100x8000000000000000653617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26537e0ce74ed0a2021-12-21 12:20:47.446root 11241100x8000000000000000653618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14223dbb6a1d1e842021-12-21 12:20:47.446root 11241100x8000000000000000653619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3f92a53fce43ba2021-12-21 12:20:47.446root 11241100x8000000000000000653620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c1befa064dafac2021-12-21 12:20:47.446root 11241100x8000000000000000653621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f56086d1908f9e22021-12-21 12:20:47.446root 11241100x8000000000000000653622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec4d9ec0fa386702021-12-21 12:20:47.446root 11241100x8000000000000000653623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdab7d80fe136df2021-12-21 12:20:47.446root 11241100x8000000000000000653624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aeab18441e9d6be2021-12-21 12:20:47.942root 11241100x8000000000000000653625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31973ee161af51802021-12-21 12:20:47.943root 11241100x8000000000000000653626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4fabb5f99374e52021-12-21 12:20:47.943root 11241100x8000000000000000653627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f465f5d52b0e7d372021-12-21 12:20:47.943root 11241100x8000000000000000653628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae8247d0778afdc2021-12-21 12:20:47.943root 11241100x8000000000000000653629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9a552781c44ce02021-12-21 12:20:47.943root 11241100x8000000000000000653630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad58659d8b7b48a2021-12-21 12:20:47.943root 11241100x8000000000000000653631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33d5b276c2075722021-12-21 12:20:47.943root 11241100x8000000000000000653632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c515fb7160ecde62021-12-21 12:20:47.943root 11241100x8000000000000000653633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85eb132436961eff2021-12-21 12:20:47.943root 11241100x8000000000000000653634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bae98f01e9267e42021-12-21 12:20:47.944root 11241100x8000000000000000653635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59236644bcbd21172021-12-21 12:20:47.944root 11241100x8000000000000000653636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2695adc66329b92021-12-21 12:20:47.944root 11241100x8000000000000000653637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3298dad6a9d14e5f2021-12-21 12:20:47.944root 11241100x8000000000000000653638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7742be636a0843fc2021-12-21 12:20:47.944root 11241100x8000000000000000653639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5a9a2b926a49432021-12-21 12:20:47.944root 11241100x8000000000000000653640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09592eb950eb3a42021-12-21 12:20:47.945root 11241100x8000000000000000653641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f850aaf4c122d6bf2021-12-21 12:20:47.945root 11241100x8000000000000000653642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a71533f6ba542d2021-12-21 12:20:47.945root 11241100x8000000000000000653643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62757a5d3e658ecb2021-12-21 12:20:47.945root 11241100x8000000000000000653644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab85d70ed62551d2021-12-21 12:20:47.945root 11241100x8000000000000000653645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5c3f363a85b8982021-12-21 12:20:47.945root 11241100x8000000000000000653646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651ac06c81d5d51f2021-12-21 12:20:47.946root 11241100x8000000000000000653647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0376c824630f86132021-12-21 12:20:47.946root 11241100x8000000000000000653648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306848cdebb9ef7e2021-12-21 12:20:47.946root 11241100x8000000000000000653649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fcefcc77752bf62021-12-21 12:20:47.946root 11241100x8000000000000000653650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157be1ceee9c94242021-12-21 12:20:47.946root 11241100x8000000000000000653651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8006b7f6b702c76e2021-12-21 12:20:47.946root 11241100x8000000000000000653652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc07b768a129b1302021-12-21 12:20:47.946root 11241100x8000000000000000653653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d146aedefa12bf2021-12-21 12:20:47.946root 11241100x8000000000000000653654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccff0e03339c13c2021-12-21 12:20:47.947root 11241100x8000000000000000653655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ece82687233be0f2021-12-21 12:20:47.947root 354300x8000000000000000653656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.076{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49854-false10.0.1.12-8000- 11241100x8000000000000000653657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ad5821362405c42021-12-21 12:20:48.442root 11241100x8000000000000000653658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d4ac9a5ebd8b0d2021-12-21 12:20:48.443root 11241100x8000000000000000653659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f91ec7e50137f62021-12-21 12:20:48.443root 11241100x8000000000000000653660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e5a3c0f40ace3c2021-12-21 12:20:48.443root 11241100x8000000000000000653661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522e7e92feb423032021-12-21 12:20:48.443root 11241100x8000000000000000653662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0921f9abeebd3b322021-12-21 12:20:48.443root 11241100x8000000000000000653663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17534a05506d6a42021-12-21 12:20:48.443root 11241100x8000000000000000653664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ef5e6bdca92b762021-12-21 12:20:48.444root 11241100x8000000000000000653665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872f99a5d9087efc2021-12-21 12:20:48.444root 11241100x8000000000000000653666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90873a6a00d637d32021-12-21 12:20:48.444root 11241100x8000000000000000653667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03bf037d0988ef32021-12-21 12:20:48.444root 11241100x8000000000000000653668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae22db9f39116ae2021-12-21 12:20:48.444root 11241100x8000000000000000653669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaa84f12725f31b2021-12-21 12:20:48.444root 11241100x8000000000000000653670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de69c37aa1409bb32021-12-21 12:20:48.444root 11241100x8000000000000000653671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630ea1de38d371a02021-12-21 12:20:48.445root 11241100x8000000000000000653672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9354f9ff1719b1122021-12-21 12:20:48.445root 11241100x8000000000000000653673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e40968f021a2fe2021-12-21 12:20:48.445root 11241100x8000000000000000653674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c66c54528f104a52021-12-21 12:20:48.445root 11241100x8000000000000000653675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5985de3962825e2021-12-21 12:20:48.445root 11241100x8000000000000000653676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8f3afe087f7b4e2021-12-21 12:20:48.445root 11241100x8000000000000000653677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c63a94cdf18e1862021-12-21 12:20:48.445root 11241100x8000000000000000653678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68026165f5ab767c2021-12-21 12:20:48.445root 11241100x8000000000000000653679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e32d39c36097492021-12-21 12:20:48.446root 11241100x8000000000000000653680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ef10eed6d55d2d2021-12-21 12:20:48.446root 11241100x8000000000000000653681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddc3952848edc4f2021-12-21 12:20:48.446root 11241100x8000000000000000653682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863617dd692e0ae22021-12-21 12:20:48.446root 11241100x8000000000000000653683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2d9b5f8c9fc3862021-12-21 12:20:48.446root 11241100x8000000000000000653684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bf715c5d0e604b2021-12-21 12:20:48.446root 11241100x8000000000000000653685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9740f60d4b07dc982021-12-21 12:20:48.446root 11241100x8000000000000000653686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592a22213d6c6c772021-12-21 12:20:48.446root 11241100x8000000000000000653687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4226dac695d6792021-12-21 12:20:48.447root 11241100x8000000000000000653688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c665d380dbf0b272021-12-21 12:20:48.943root 11241100x8000000000000000653689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6ba461b741f23f2021-12-21 12:20:48.943root 11241100x8000000000000000653690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccb7b9250f4792e2021-12-21 12:20:48.943root 11241100x8000000000000000653691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15833e947b038d3d2021-12-21 12:20:48.943root 11241100x8000000000000000653692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad138108da1207a32021-12-21 12:20:48.944root 11241100x8000000000000000653693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff32227f1ea611f2021-12-21 12:20:48.944root 11241100x8000000000000000653694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cc09895ad611772021-12-21 12:20:48.944root 11241100x8000000000000000653695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aefe5dd5500c9862021-12-21 12:20:48.944root 11241100x8000000000000000653696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e6d5e8065d00832021-12-21 12:20:48.944root 11241100x8000000000000000653697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c648322ed1e7d82021-12-21 12:20:48.944root 11241100x8000000000000000653698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836a2c1be38452272021-12-21 12:20:48.944root 11241100x8000000000000000653699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd37f098e56f9c32021-12-21 12:20:48.944root 11241100x8000000000000000653700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cfdf501a723b302021-12-21 12:20:48.944root 11241100x8000000000000000653701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdba47ba1686d2882021-12-21 12:20:48.944root 11241100x8000000000000000653702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdbf82b8af455a32021-12-21 12:20:48.944root 11241100x8000000000000000653703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d7d82cdca4a5b02021-12-21 12:20:48.944root 11241100x8000000000000000653704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293f61017cdc67722021-12-21 12:20:48.944root 11241100x8000000000000000653705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef66a420a6ca0c742021-12-21 12:20:48.944root 11241100x8000000000000000653706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49544bf126423c6a2021-12-21 12:20:48.945root 11241100x8000000000000000653707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2c3bf82b8fad462021-12-21 12:20:48.945root 11241100x8000000000000000653708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c8a217925c34572021-12-21 12:20:48.945root 11241100x8000000000000000653709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a3656094fa2a872021-12-21 12:20:48.945root 11241100x8000000000000000653710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7653eae8858c90162021-12-21 12:20:48.945root 11241100x8000000000000000653711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95142e0c6ac5adab2021-12-21 12:20:48.945root 11241100x8000000000000000653712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309cfa13c8362af82021-12-21 12:20:48.945root 11241100x8000000000000000653713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1282665c16d7b15d2021-12-21 12:20:48.945root 11241100x8000000000000000653714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93292eda7644ec292021-12-21 12:20:48.946root 11241100x8000000000000000653715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0280b9d131c75ee52021-12-21 12:20:49.442root 11241100x8000000000000000653716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65a47107b586bc82021-12-21 12:20:49.443root 11241100x8000000000000000653717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1628cb4d0328564c2021-12-21 12:20:49.443root 11241100x8000000000000000653718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8822b29cb9b2002021-12-21 12:20:49.443root 11241100x8000000000000000653719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68355c33caa2dd72021-12-21 12:20:49.443root 11241100x8000000000000000653720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92310deaa4abe60f2021-12-21 12:20:49.443root 11241100x8000000000000000653721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f08acc3b4217422021-12-21 12:20:49.443root 11241100x8000000000000000653722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2d88a098bade1f2021-12-21 12:20:49.443root 11241100x8000000000000000653723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967a624ce37e76db2021-12-21 12:20:49.443root 11241100x8000000000000000653724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d6c1d8cc519d8a2021-12-21 12:20:49.444root 11241100x8000000000000000653725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00efd6effe16175c2021-12-21 12:20:49.444root 11241100x8000000000000000653726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1a2a5802c76c4e2021-12-21 12:20:49.444root 11241100x8000000000000000653727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46d7e1d0e119e662021-12-21 12:20:49.444root 11241100x8000000000000000653728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8a1c2af8992d922021-12-21 12:20:49.444root 11241100x8000000000000000653729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec42a3017f0b22f2021-12-21 12:20:49.444root 11241100x8000000000000000653730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c32ed623a6813b12021-12-21 12:20:49.444root 11241100x8000000000000000653731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1955f27cee1b2d2021-12-21 12:20:49.444root 11241100x8000000000000000653732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d889a0860e1bf9b2021-12-21 12:20:49.444root 11241100x8000000000000000653733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f4ebf424ac60b82021-12-21 12:20:49.445root 11241100x8000000000000000653734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c48febd5fbbbfd2021-12-21 12:20:49.445root 11241100x8000000000000000653735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8105efed4a05f9972021-12-21 12:20:49.445root 11241100x8000000000000000653736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c653287c21b2182021-12-21 12:20:49.445root 11241100x8000000000000000653737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9ac4e0de9a0f1a2021-12-21 12:20:49.445root 11241100x8000000000000000653738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2ab61b2046a1c92021-12-21 12:20:49.445root 11241100x8000000000000000653739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc39d393429e7df2021-12-21 12:20:49.445root 11241100x8000000000000000653740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c611b2f7b02c4422021-12-21 12:20:49.445root 11241100x8000000000000000653741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bfdec0f20288a32021-12-21 12:20:49.446root 11241100x8000000000000000653742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ca52e5ed65e6d62021-12-21 12:20:49.446root 11241100x8000000000000000653743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aefd9777e2f81f22021-12-21 12:20:49.446root 11241100x8000000000000000653744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be15280c9c80b0c62021-12-21 12:20:49.446root 11241100x8000000000000000653745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e509c79e80f59b2b2021-12-21 12:20:49.446root 11241100x8000000000000000653746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3a19edef0150502021-12-21 12:20:49.447root 11241100x8000000000000000653747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d046093029c0e692021-12-21 12:20:49.943root 11241100x8000000000000000653748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66be4f0d2454c792021-12-21 12:20:49.943root 11241100x8000000000000000653749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb28f02a9a86b882021-12-21 12:20:49.943root 11241100x8000000000000000653750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eabebd0e312ca532021-12-21 12:20:49.943root 11241100x8000000000000000653751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0b771cd582cdf22021-12-21 12:20:49.943root 11241100x8000000000000000653752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0055fa6967da192021-12-21 12:20:49.943root 11241100x8000000000000000653753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c451d66c5e604a2021-12-21 12:20:49.943root 11241100x8000000000000000653754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49b2aa693009f8c2021-12-21 12:20:49.943root 11241100x8000000000000000653755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ec495ae156fc952021-12-21 12:20:49.943root 11241100x8000000000000000653756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37003b9fc9be1f022021-12-21 12:20:49.943root 11241100x8000000000000000653757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a4d9173716e6c32021-12-21 12:20:49.943root 11241100x8000000000000000653758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1025caf910d38a2021-12-21 12:20:49.944root 11241100x8000000000000000653759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bf6f11eecd13a22021-12-21 12:20:49.944root 11241100x8000000000000000653760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5ee7fe57a1b5932021-12-21 12:20:49.944root 11241100x8000000000000000653761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281a2bc775ecb5f52021-12-21 12:20:49.944root 11241100x8000000000000000653762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049ce8731e7ea3ea2021-12-21 12:20:49.944root 11241100x8000000000000000653763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a35979ac2edac2c2021-12-21 12:20:49.944root 11241100x8000000000000000653764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec14953b46c210b2021-12-21 12:20:49.944root 11241100x8000000000000000653765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6dffd228e93d7e2021-12-21 12:20:49.944root 11241100x8000000000000000653766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4278fca43607632021-12-21 12:20:49.944root 11241100x8000000000000000653767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd793dfdeaaad8e2021-12-21 12:20:49.944root 11241100x8000000000000000653768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6b9e09df534bea2021-12-21 12:20:49.944root 11241100x8000000000000000653769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecc24a1198c38eb2021-12-21 12:20:49.945root 11241100x8000000000000000653770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f7db44cb63d1fa2021-12-21 12:20:49.945root 11241100x8000000000000000653771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8932658b83ac88b32021-12-21 12:20:49.945root 11241100x8000000000000000653772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75abf7fa7e2168962021-12-21 12:20:49.945root 11241100x8000000000000000653773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f701f5a9f68d17e2021-12-21 12:20:49.945root 11241100x8000000000000000653774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5b40c37886d2a02021-12-21 12:20:49.945root 11241100x8000000000000000653775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a664678f40e54f252021-12-21 12:20:49.945root 11241100x8000000000000000653776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc50c4739c0e5792021-12-21 12:20:49.945root 11241100x8000000000000000653777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1a68e6476a3a172021-12-21 12:20:49.945root 11241100x8000000000000000653778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e924054fe577c49a2021-12-21 12:20:49.946root 11241100x8000000000000000653779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a843d7507ee865462021-12-21 12:20:50.443root 11241100x8000000000000000653780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf66e808e294ff02021-12-21 12:20:50.443root 11241100x8000000000000000653781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d368d77a3ac09c2021-12-21 12:20:50.444root 11241100x8000000000000000653782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5296780e9568d912021-12-21 12:20:50.444root 11241100x8000000000000000653783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d8ad79a94070bc2021-12-21 12:20:50.444root 11241100x8000000000000000653784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16583ee807837ff2021-12-21 12:20:50.444root 11241100x8000000000000000653785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4c57402fed75d82021-12-21 12:20:50.444root 11241100x8000000000000000653786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5814dc15a5ea21d2021-12-21 12:20:50.444root 11241100x8000000000000000653787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251df758cd842b222021-12-21 12:20:50.444root 11241100x8000000000000000653788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613fcbca725689962021-12-21 12:20:50.444root 11241100x8000000000000000653789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3b693b5ff5eefc2021-12-21 12:20:50.444root 11241100x8000000000000000653790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5f08e24181e0c62021-12-21 12:20:50.444root 11241100x8000000000000000653791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2566f5d552da425c2021-12-21 12:20:50.445root 11241100x8000000000000000653792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3b8eaee2fac10f2021-12-21 12:20:50.445root 11241100x8000000000000000653793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3512d39975f675482021-12-21 12:20:50.445root 11241100x8000000000000000653794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650ebdfdd370f0f42021-12-21 12:20:50.445root 11241100x8000000000000000653795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18551073a6dbb83d2021-12-21 12:20:50.445root 11241100x8000000000000000653796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51f66bd1e9b429e2021-12-21 12:20:50.445root 11241100x8000000000000000653797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2062af2b7823aed2021-12-21 12:20:50.445root 11241100x8000000000000000653798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd27ae2e7d371dcd2021-12-21 12:20:50.445root 11241100x8000000000000000653799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ed70df440446772021-12-21 12:20:50.445root 11241100x8000000000000000653800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfaeb4ee4151a0d2021-12-21 12:20:50.445root 11241100x8000000000000000653801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b42f3674a41e1e2021-12-21 12:20:50.445root 11241100x8000000000000000653802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943ea234841980462021-12-21 12:20:50.446root 11241100x8000000000000000653803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881fdfbd38e46acf2021-12-21 12:20:50.446root 11241100x8000000000000000653804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9f4839a34b9d722021-12-21 12:20:50.446root 11241100x8000000000000000653805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb3ee6d4d203bf32021-12-21 12:20:50.446root 11241100x8000000000000000653806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471cd1cd0a2623ef2021-12-21 12:20:50.943root 11241100x8000000000000000653807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfca545226f09522021-12-21 12:20:50.943root 11241100x8000000000000000653808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c5760de88a37972021-12-21 12:20:50.943root 11241100x8000000000000000653809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506da1912a41c50d2021-12-21 12:20:50.943root 11241100x8000000000000000653810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db0480d1c1a1fd12021-12-21 12:20:50.943root 11241100x8000000000000000653811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab4ade161afa9692021-12-21 12:20:50.944root 11241100x8000000000000000653812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea60e43d39335f5d2021-12-21 12:20:50.944root 11241100x8000000000000000653813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e684755e3d83ba2021-12-21 12:20:50.944root 11241100x8000000000000000653814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e489a2c7430d20e72021-12-21 12:20:50.944root 11241100x8000000000000000653815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5228c4b4bb88932021-12-21 12:20:50.944root 11241100x8000000000000000653816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072c2308dd8511b62021-12-21 12:20:50.945root 11241100x8000000000000000653817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83ea8db409704c52021-12-21 12:20:50.945root 11241100x8000000000000000653818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c095e1d0f7be2ac82021-12-21 12:20:50.945root 11241100x8000000000000000653819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69bba5319b560212021-12-21 12:20:50.945root 11241100x8000000000000000653820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d9cf458ebc49442021-12-21 12:20:50.945root 11241100x8000000000000000653821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e328682ad4028f12021-12-21 12:20:50.945root 11241100x8000000000000000653822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7086b5c639cda6ef2021-12-21 12:20:50.945root 11241100x8000000000000000653823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f274fead39b9d92021-12-21 12:20:50.945root 11241100x8000000000000000653824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de339e7030a65a1c2021-12-21 12:20:50.946root 11241100x8000000000000000653825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27f990d5f8aa7cb2021-12-21 12:20:50.946root 11241100x8000000000000000653826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928903d5a086e1e42021-12-21 12:20:50.946root 11241100x8000000000000000653827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c855bd3d5e71f52021-12-21 12:20:50.946root 11241100x8000000000000000653828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61d333ddcf4c33b2021-12-21 12:20:50.946root 11241100x8000000000000000653829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf13a9b34ddbd8f2021-12-21 12:20:50.946root 11241100x8000000000000000653830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9457c930aa8270c2021-12-21 12:20:50.946root 11241100x8000000000000000653831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7909bd244616f9f52021-12-21 12:20:50.946root 11241100x8000000000000000653832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369e2c0ebc8069972021-12-21 12:20:50.947root 11241100x8000000000000000653833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a02b2c1a58288ac2021-12-21 12:20:50.947root 11241100x8000000000000000653834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7321af95e7e1f62021-12-21 12:20:50.947root 11241100x8000000000000000653835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4cab78bc079ef22021-12-21 12:20:50.947root 11241100x8000000000000000653836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eddb460ed42c7bdd2021-12-21 12:20:51.443root 11241100x8000000000000000653837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f17c049bead3862021-12-21 12:20:51.443root 11241100x8000000000000000653838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a3feeade356c9b2021-12-21 12:20:51.443root 11241100x8000000000000000653839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0bea29b5254afc2021-12-21 12:20:51.443root 11241100x8000000000000000653840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f348eeb5c1c009e32021-12-21 12:20:51.443root 11241100x8000000000000000653841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cc8b6fb92734e62021-12-21 12:20:51.443root 11241100x8000000000000000653842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5185fa0fff6a422021-12-21 12:20:51.443root 11241100x8000000000000000653843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a437d7d3e15c17d92021-12-21 12:20:51.443root 11241100x8000000000000000653844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e76e06eed5aedb2021-12-21 12:20:51.444root 11241100x8000000000000000653845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5fab0b8f96e3ba2021-12-21 12:20:51.444root 11241100x8000000000000000653846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc2837b3aa12a812021-12-21 12:20:51.444root 11241100x8000000000000000653847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34616561201d70af2021-12-21 12:20:51.444root 11241100x8000000000000000653848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f60da41e8739c8b2021-12-21 12:20:51.444root 11241100x8000000000000000653849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9270146e39a94ece2021-12-21 12:20:51.444root 11241100x8000000000000000653850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e347732c3a5d20e22021-12-21 12:20:51.444root 11241100x8000000000000000653851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e365d58a77fa492021-12-21 12:20:51.445root 11241100x8000000000000000653852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750d548bef90321d2021-12-21 12:20:51.445root 11241100x8000000000000000653853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787b76d02ce628c22021-12-21 12:20:51.445root 11241100x8000000000000000653854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a3dc0359b1dce02021-12-21 12:20:51.445root 11241100x8000000000000000653855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d95a0ee5e007f12021-12-21 12:20:51.445root 11241100x8000000000000000653856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ec5da1525ebe9a2021-12-21 12:20:51.445root 11241100x8000000000000000653857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b96c47f5aa6d46f2021-12-21 12:20:51.445root 11241100x8000000000000000653858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc7c8d76d4c8fe22021-12-21 12:20:51.445root 11241100x8000000000000000653859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50cdc0653bb4d9f2021-12-21 12:20:51.445root 11241100x8000000000000000653860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d3612e62ccb2f42021-12-21 12:20:51.445root 11241100x8000000000000000653861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be233dcb667ab7502021-12-21 12:20:51.445root 11241100x8000000000000000653862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9ebd4aa6f3bb462021-12-21 12:20:51.446root 11241100x8000000000000000653863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48418b62cc38f32f2021-12-21 12:20:51.446root 11241100x8000000000000000653864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a677eaae6fc82242021-12-21 12:20:51.446root 11241100x8000000000000000653865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271f450529e3b8972021-12-21 12:20:51.446root 11241100x8000000000000000653866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ea9ea58bd2c7a72021-12-21 12:20:51.446root 11241100x8000000000000000653867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3621a041555026af2021-12-21 12:20:51.943root 11241100x8000000000000000653868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325ff58827e37b272021-12-21 12:20:51.943root 11241100x8000000000000000653869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78f55b146bfaf5e2021-12-21 12:20:51.943root 11241100x8000000000000000653870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab6db9b2fb3e5d02021-12-21 12:20:51.943root 11241100x8000000000000000653871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171836d2c7da35cb2021-12-21 12:20:51.943root 11241100x8000000000000000653872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05efffbfd4aab672021-12-21 12:20:51.944root 11241100x8000000000000000653873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fe9aec85ac82512021-12-21 12:20:51.944root 11241100x8000000000000000653874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73686a4923ca33be2021-12-21 12:20:51.944root 11241100x8000000000000000653875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed684b1b230131b2021-12-21 12:20:51.944root 11241100x8000000000000000653876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ebd69a2034a7352021-12-21 12:20:51.944root 11241100x8000000000000000653877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24b5b44f160138f2021-12-21 12:20:51.944root 11241100x8000000000000000653878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bf221f6fa8f9bb2021-12-21 12:20:51.944root 11241100x8000000000000000653879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57a91e8afa69a672021-12-21 12:20:51.944root 11241100x8000000000000000653880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c924db8cb4ea51242021-12-21 12:20:51.944root 11241100x8000000000000000653881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5307173d70ed9b62021-12-21 12:20:51.945root 11241100x8000000000000000653882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b96f474590c11472021-12-21 12:20:51.945root 11241100x8000000000000000653883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2866ffd64488738a2021-12-21 12:20:51.945root 11241100x8000000000000000653884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600d87f2a536151f2021-12-21 12:20:51.945root 11241100x8000000000000000653885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2223de118ff7f12021-12-21 12:20:51.945root 11241100x8000000000000000653886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206b1e5e35cbe9492021-12-21 12:20:51.945root 11241100x8000000000000000653887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7c5a98465480312021-12-21 12:20:51.945root 11241100x8000000000000000653888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989dcb44f89feb5d2021-12-21 12:20:51.945root 11241100x8000000000000000653889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b8dce2d566a1f12021-12-21 12:20:51.945root 11241100x8000000000000000653890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3d785cf99162852021-12-21 12:20:51.945root 11241100x8000000000000000653891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45929f65a58448a32021-12-21 12:20:51.945root 11241100x8000000000000000653892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bba3629bc1b02a32021-12-21 12:20:51.946root 11241100x8000000000000000653893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371086ede3a272342021-12-21 12:20:51.946root 11241100x8000000000000000653894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58224bf1556978df2021-12-21 12:20:51.946root 11241100x8000000000000000653895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77575a98af0fe8b2021-12-21 12:20:52.443root 11241100x8000000000000000653896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8badea4e89794f2d2021-12-21 12:20:52.443root 11241100x8000000000000000653897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c50b8efc4798f292021-12-21 12:20:52.443root 11241100x8000000000000000653898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed7cc76418e42e62021-12-21 12:20:52.443root 11241100x8000000000000000653899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6c013b3f7380b22021-12-21 12:20:52.443root 11241100x8000000000000000653900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55838a52fc7c38352021-12-21 12:20:52.443root 11241100x8000000000000000653901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16827aab857221c2021-12-21 12:20:52.443root 11241100x8000000000000000653902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da6bc2847842a7b2021-12-21 12:20:52.443root 11241100x8000000000000000653903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69986fe6f7afe7b32021-12-21 12:20:52.443root 11241100x8000000000000000653904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb24c943af1493292021-12-21 12:20:52.444root 11241100x8000000000000000653905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f3124b513688e12021-12-21 12:20:52.444root 11241100x8000000000000000653906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7965f5ad15d466f2021-12-21 12:20:52.444root 11241100x8000000000000000653907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af25161a246142b22021-12-21 12:20:52.444root 11241100x8000000000000000653908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035456e157b7c5132021-12-21 12:20:52.444root 11241100x8000000000000000653909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cb258604fff0602021-12-21 12:20:52.444root 11241100x8000000000000000653910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce547841227dbcd2021-12-21 12:20:52.444root 11241100x8000000000000000653911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799fd409a087b3f02021-12-21 12:20:52.444root 11241100x8000000000000000653912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184a90453916e54d2021-12-21 12:20:52.444root 11241100x8000000000000000653913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bee92aec6dcd842021-12-21 12:20:52.444root 11241100x8000000000000000653914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027cf0aace2594ed2021-12-21 12:20:52.445root 11241100x8000000000000000653915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f59d608e7be4792021-12-21 12:20:52.445root 11241100x8000000000000000653916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66220c6623d2700d2021-12-21 12:20:52.445root 11241100x8000000000000000653917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835ba6db50039b752021-12-21 12:20:52.445root 11241100x8000000000000000653918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f09750a629e5f022021-12-21 12:20:52.445root 11241100x8000000000000000653919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ea717207669e1a2021-12-21 12:20:52.445root 11241100x8000000000000000653920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4caa6e2864d71af2021-12-21 12:20:52.446root 11241100x8000000000000000653921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea311a5568bdc702021-12-21 12:20:52.446root 11241100x8000000000000000653922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dd497e246d105b2021-12-21 12:20:52.943root 11241100x8000000000000000653923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf39281fc068bbd2021-12-21 12:20:52.943root 11241100x8000000000000000653924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4318040afa958842021-12-21 12:20:52.944root 11241100x8000000000000000653925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f1c43d3efbbb402021-12-21 12:20:52.944root 11241100x8000000000000000653926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9664bb30dc1e7f2021-12-21 12:20:52.944root 11241100x8000000000000000653927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd49d31842346262021-12-21 12:20:52.944root 11241100x8000000000000000653928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7bd03eff2b8b8a2021-12-21 12:20:52.944root 11241100x8000000000000000653929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ad27256f7b612b2021-12-21 12:20:52.944root 11241100x8000000000000000653930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba89788a607249202021-12-21 12:20:52.945root 11241100x8000000000000000653931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc2cc1c66f1decb2021-12-21 12:20:52.945root 11241100x8000000000000000653932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dbf0c1e9fd68672021-12-21 12:20:52.945root 11241100x8000000000000000653933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3ecc14edaf05f62021-12-21 12:20:52.945root 11241100x8000000000000000653934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d109d6c5d69268a12021-12-21 12:20:52.946root 11241100x8000000000000000653935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5995f8ec746150422021-12-21 12:20:52.946root 11241100x8000000000000000653936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab121b8e328445062021-12-21 12:20:52.946root 11241100x8000000000000000653937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd0de971150fd852021-12-21 12:20:52.946root 11241100x8000000000000000653938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0714692eb89dcaaa2021-12-21 12:20:52.946root 11241100x8000000000000000653939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83177ca5c2e204542021-12-21 12:20:52.946root 11241100x8000000000000000653940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15933997cf0cf2d52021-12-21 12:20:52.946root 11241100x8000000000000000653941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5e802c39ac97f22021-12-21 12:20:52.946root 11241100x8000000000000000653942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9767d2510f2e1cab2021-12-21 12:20:52.946root 11241100x8000000000000000653943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142cdf8282639d722021-12-21 12:20:52.946root 11241100x8000000000000000653944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bdd6a2bf75f3e72021-12-21 12:20:52.947root 11241100x8000000000000000653945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410580215043fc392021-12-21 12:20:52.947root 11241100x8000000000000000653946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fe9f7071d4dae32021-12-21 12:20:52.947root 11241100x8000000000000000653947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470d7e989f23315b2021-12-21 12:20:52.947root 11241100x8000000000000000653948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cba496012c7a6b2021-12-21 12:20:52.947root 354300x8000000000000000653949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.197{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49856-false10.0.1.12-8000- 11241100x8000000000000000653950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff06c2d4ade030d2021-12-21 12:20:53.197root 11241100x8000000000000000653951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e793b26f7418c9c2021-12-21 12:20:53.198root 11241100x8000000000000000653952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c495fbf9a2cad482021-12-21 12:20:53.198root 11241100x8000000000000000653953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b2f494c4f132b42021-12-21 12:20:53.198root 11241100x8000000000000000653954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16eb794059c453352021-12-21 12:20:53.198root 11241100x8000000000000000653955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f293c42c407c052021-12-21 12:20:53.198root 11241100x8000000000000000653956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85ded21a1d007492021-12-21 12:20:53.198root 11241100x8000000000000000653957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706a346ccd637fba2021-12-21 12:20:53.198root 11241100x8000000000000000653958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6d0b22b55e16e12021-12-21 12:20:53.198root 11241100x8000000000000000653959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c043fc799239b4d2021-12-21 12:20:53.199root 11241100x8000000000000000653960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ef7fef7c97b4112021-12-21 12:20:53.199root 11241100x8000000000000000653961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350108e656d3503f2021-12-21 12:20:53.199root 11241100x8000000000000000653962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac781554096c84c82021-12-21 12:20:53.199root 11241100x8000000000000000653963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c35ce7a3b4913492021-12-21 12:20:53.199root 11241100x8000000000000000653964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54946211d50cc1a32021-12-21 12:20:53.200root 11241100x8000000000000000653965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3a2f55e8c09cd82021-12-21 12:20:53.200root 11241100x8000000000000000653966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51269ea3237f00302021-12-21 12:20:53.200root 11241100x8000000000000000653967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334299f9ea6c4b7b2021-12-21 12:20:53.200root 11241100x8000000000000000653968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379593be8ad8677c2021-12-21 12:20:53.201root 11241100x8000000000000000653969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8fcb0923b4856a2021-12-21 12:20:53.201root 11241100x8000000000000000653970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27acc6b092fa0582021-12-21 12:20:53.201root 11241100x8000000000000000653971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e179cbda7c63812021-12-21 12:20:53.201root 11241100x8000000000000000653972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f728c1705645272021-12-21 12:20:53.201root 11241100x8000000000000000653973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71db1fbb592a5f972021-12-21 12:20:53.202root 11241100x8000000000000000653974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5cadca9ad975842021-12-21 12:20:53.202root 11241100x8000000000000000653975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7360931ed7501d32021-12-21 12:20:53.202root 11241100x8000000000000000653976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3087989df88b0b2021-12-21 12:20:53.202root 11241100x8000000000000000653977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2f54ac4013cf8e2021-12-21 12:20:53.202root 11241100x8000000000000000653978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869bbeb104279dcf2021-12-21 12:20:53.692root 11241100x8000000000000000653979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ee5f3c5c14c0c72021-12-21 12:20:53.693root 11241100x8000000000000000653980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1fa6e990892a822021-12-21 12:20:53.693root 11241100x8000000000000000653981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155260f95f6cd7832021-12-21 12:20:53.693root 11241100x8000000000000000653982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b90b17aa4300fd2021-12-21 12:20:53.693root 11241100x8000000000000000653983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae078747b21a4932021-12-21 12:20:53.693root 11241100x8000000000000000653984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c024c982b615c42021-12-21 12:20:53.693root 11241100x8000000000000000653985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050c76ece37f904c2021-12-21 12:20:53.693root 11241100x8000000000000000653986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b5945028ffe7972021-12-21 12:20:53.693root 11241100x8000000000000000653987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e482ee3b4bfd5c2021-12-21 12:20:53.694root 11241100x8000000000000000653988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafc0efe441710542021-12-21 12:20:53.694root 11241100x8000000000000000653989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9471c150fe8bfa8b2021-12-21 12:20:53.694root 11241100x8000000000000000653990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39a976c4f8a4fa72021-12-21 12:20:53.694root 11241100x8000000000000000653991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac3c4ac1f9b03db2021-12-21 12:20:53.694root 11241100x8000000000000000653992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9855adacc6bf750d2021-12-21 12:20:53.695root 11241100x8000000000000000653993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a876475124000422021-12-21 12:20:53.695root 11241100x8000000000000000653994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6638d0831a5be22021-12-21 12:20:53.695root 11241100x8000000000000000653995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec423cc6eb433a22021-12-21 12:20:53.695root 11241100x8000000000000000653996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8d900439a7a4f52021-12-21 12:20:53.695root 11241100x8000000000000000653997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59afff2e5968b38f2021-12-21 12:20:53.695root 11241100x8000000000000000653998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a89433012e1320f2021-12-21 12:20:53.695root 11241100x8000000000000000653999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0088260c6d86aa5e2021-12-21 12:20:53.696root 11241100x8000000000000000654000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8794c44a7620912021-12-21 12:20:53.696root 11241100x8000000000000000654001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecff0ba66f391682021-12-21 12:20:53.696root 11241100x8000000000000000654002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a62ae096ac04e0b2021-12-21 12:20:53.696root 11241100x8000000000000000654003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497269a19cfe12752021-12-21 12:20:53.696root 11241100x8000000000000000654004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49ba5fd9b335b5d2021-12-21 12:20:53.696root 11241100x8000000000000000654005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352ef6527df2e0be2021-12-21 12:20:53.696root 11241100x8000000000000000654006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9f10b41844d6a22021-12-21 12:20:54.193root 11241100x8000000000000000654007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afc27a9884346db2021-12-21 12:20:54.194root 11241100x8000000000000000654008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc57d9b17a6f2e8f2021-12-21 12:20:54.194root 11241100x8000000000000000654009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e46c1a4755cd15b2021-12-21 12:20:54.194root 11241100x8000000000000000654010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffa3d7e2c2c117b2021-12-21 12:20:54.194root 11241100x8000000000000000654011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf475392b2fe0f92021-12-21 12:20:54.195root 11241100x8000000000000000654012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf046571c1ddf192021-12-21 12:20:54.195root 11241100x8000000000000000654013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0128e1d21aa674db2021-12-21 12:20:54.195root 11241100x8000000000000000654014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3517d1d95960f97b2021-12-21 12:20:54.195root 11241100x8000000000000000654015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6312c67ef90521e22021-12-21 12:20:54.195root 11241100x8000000000000000654016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2658e629439dac12021-12-21 12:20:54.195root 11241100x8000000000000000654017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac76d00d93087bd2021-12-21 12:20:54.195root 11241100x8000000000000000654018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95a4f2ec34e13912021-12-21 12:20:54.196root 11241100x8000000000000000654019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac74d37997805bd42021-12-21 12:20:54.196root 11241100x8000000000000000654020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85055c37e7517a52021-12-21 12:20:54.196root 11241100x8000000000000000654021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fa5509441c70792021-12-21 12:20:54.196root 11241100x8000000000000000654022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fcd8b00903ce5f82021-12-21 12:20:54.196root 11241100x8000000000000000654023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48ac2b2ee7bc84e2021-12-21 12:20:54.196root 11241100x8000000000000000654024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d1010693e3b70a2021-12-21 12:20:54.196root 11241100x8000000000000000654025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825ecd2a207bdc432021-12-21 12:20:54.196root 11241100x8000000000000000654026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8728eaba45377f4e2021-12-21 12:20:54.196root 11241100x8000000000000000654027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc6794d07bca0122021-12-21 12:20:54.197root 11241100x8000000000000000654028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693da46deef584bf2021-12-21 12:20:54.197root 11241100x8000000000000000654029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a106deb5d54d492021-12-21 12:20:54.197root 11241100x8000000000000000654030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352ee1e30da7d9922021-12-21 12:20:54.197root 11241100x8000000000000000654031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36967a84d4dffe62021-12-21 12:20:54.197root 11241100x8000000000000000654032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f593251f507b09202021-12-21 12:20:54.197root 11241100x8000000000000000654033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654f40333c939e772021-12-21 12:20:54.197root 11241100x8000000000000000654034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fac9614ffadeac2021-12-21 12:20:54.692root 11241100x8000000000000000654035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124cbce574780ea62021-12-21 12:20:54.693root 11241100x8000000000000000654036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9245f6f405f1710b2021-12-21 12:20:54.693root 11241100x8000000000000000654037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4362067cf2649332021-12-21 12:20:54.693root 11241100x8000000000000000654038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddda7111c3972742021-12-21 12:20:54.693root 11241100x8000000000000000654039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e489d7af12fafe2021-12-21 12:20:54.694root 11241100x8000000000000000654040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad6aff7d8c8702d2021-12-21 12:20:54.694root 11241100x8000000000000000654041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0a1931e055c3df2021-12-21 12:20:54.694root 11241100x8000000000000000654042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b754abb21cc1d432021-12-21 12:20:54.694root 11241100x8000000000000000654043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1296e53501439ff42021-12-21 12:20:54.694root 11241100x8000000000000000654044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46819944112b49eb2021-12-21 12:20:54.695root 11241100x8000000000000000654045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178604813a2c57442021-12-21 12:20:54.695root 11241100x8000000000000000654046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af1224ec822e3062021-12-21 12:20:54.695root 11241100x8000000000000000654047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c3409f2b3b88502021-12-21 12:20:54.695root 11241100x8000000000000000654048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f6033ce026709b2021-12-21 12:20:54.695root 11241100x8000000000000000654049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b2562a52b42c2c2021-12-21 12:20:54.696root 11241100x8000000000000000654050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be0fcb8c9b218c12021-12-21 12:20:54.696root 11241100x8000000000000000654051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e450839bc6c2f9792021-12-21 12:20:54.696root 11241100x8000000000000000654052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad0d6eb971f68522021-12-21 12:20:54.696root 11241100x8000000000000000654053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9194e866473b81d92021-12-21 12:20:54.696root 11241100x8000000000000000654054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf40ec9d17aadb82021-12-21 12:20:54.696root 11241100x8000000000000000654055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d374515ce7344ea2021-12-21 12:20:54.696root 11241100x8000000000000000654056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd48845c223d98232021-12-21 12:20:54.697root 11241100x8000000000000000654057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b0363d39e7232a2021-12-21 12:20:54.697root 11241100x8000000000000000654058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e5b1f038d294fc2021-12-21 12:20:54.697root 11241100x8000000000000000654059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13f8d7bbdd0738a2021-12-21 12:20:54.697root 11241100x8000000000000000654060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aabdcf64e37fc2f2021-12-21 12:20:54.697root 11241100x8000000000000000654061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedec21a11d1e6f52021-12-21 12:20:54.697root 11241100x8000000000000000654062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfdfa4149e179a32021-12-21 12:20:54.698root 11241100x8000000000000000654063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266cba93ec77e0032021-12-21 12:20:54.698root 11241100x8000000000000000654064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2031ad1c70c09da52021-12-21 12:20:54.698root 11241100x8000000000000000654065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c68e7a61dd5a942021-12-21 12:20:54.698root 11241100x8000000000000000654066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935411f2ebd321d42021-12-21 12:20:55.194root 11241100x8000000000000000654067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ef377b0c83aaa52021-12-21 12:20:55.194root 11241100x8000000000000000654068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b0ce8207e8a85f2021-12-21 12:20:55.194root 11241100x8000000000000000654069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa3d041b8af353e2021-12-21 12:20:55.194root 11241100x8000000000000000654070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d584f1a5f7f1b4202021-12-21 12:20:55.194root 11241100x8000000000000000654071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29457a25e1892dca2021-12-21 12:20:55.194root 11241100x8000000000000000654072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bafa464f3825882021-12-21 12:20:55.194root 11241100x8000000000000000654073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de38aa8d1c68efe32021-12-21 12:20:55.194root 11241100x8000000000000000654074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5862183b820e1ede2021-12-21 12:20:55.194root 11241100x8000000000000000654075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce335f7f49420fe2021-12-21 12:20:55.194root 11241100x8000000000000000654076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbd2ebaf708acab2021-12-21 12:20:55.195root 11241100x8000000000000000654077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0575e1aadb48bdbc2021-12-21 12:20:55.195root 11241100x8000000000000000654078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bae3650e92dbba2021-12-21 12:20:55.195root 11241100x8000000000000000654079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8384194a53a353da2021-12-21 12:20:55.195root 11241100x8000000000000000654080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b912cd65fa23031d2021-12-21 12:20:55.195root 11241100x8000000000000000654081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6643af196498f3672021-12-21 12:20:55.195root 11241100x8000000000000000654082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7c265730dd317a2021-12-21 12:20:55.195root 11241100x8000000000000000654083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0d1c7000eea0fa2021-12-21 12:20:55.195root 11241100x8000000000000000654084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4920ca5efb5e1a2021-12-21 12:20:55.195root 11241100x8000000000000000654085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f852c2413bf78a32021-12-21 12:20:55.196root 11241100x8000000000000000654086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fef116c34124f72021-12-21 12:20:55.196root 11241100x8000000000000000654087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6739fd497442992021-12-21 12:20:55.196root 11241100x8000000000000000654088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aca313812b033642021-12-21 12:20:55.196root 11241100x8000000000000000654089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3efd244dcbdc0872021-12-21 12:20:55.196root 11241100x8000000000000000654090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eaf9a664e65afff2021-12-21 12:20:55.197root 11241100x8000000000000000654091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5855ba15a4e62872021-12-21 12:20:55.197root 11241100x8000000000000000654092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0edd3c844997ea2021-12-21 12:20:55.197root 11241100x8000000000000000654093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f872a1dd2ef1902021-12-21 12:20:55.197root 11241100x8000000000000000654094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f2e774a81361b52021-12-21 12:20:55.694root 11241100x8000000000000000654095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69687e27cec29f5e2021-12-21 12:20:55.694root 11241100x8000000000000000654096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b615c7d4e4f14d2021-12-21 12:20:55.694root 11241100x8000000000000000654097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f2e8412b4bbc182021-12-21 12:20:55.694root 11241100x8000000000000000654098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79734dc9fd7246b2021-12-21 12:20:55.695root 11241100x8000000000000000654099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4b28c73965e0de2021-12-21 12:20:55.695root 11241100x8000000000000000654100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c700982cd482a75c2021-12-21 12:20:55.695root 11241100x8000000000000000654101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b795b44e3533d42021-12-21 12:20:55.695root 11241100x8000000000000000654102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c630bfe422be32f72021-12-21 12:20:55.695root 11241100x8000000000000000654103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878c883ca745cab92021-12-21 12:20:55.695root 11241100x8000000000000000654104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67adb6a4ebec85022021-12-21 12:20:55.695root 11241100x8000000000000000654105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d56f3702e699132021-12-21 12:20:55.695root 11241100x8000000000000000654106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6690862a722602cb2021-12-21 12:20:55.696root 11241100x8000000000000000654107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d38ffefac47eae12021-12-21 12:20:55.696root 11241100x8000000000000000654108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eec3956e3fb8682021-12-21 12:20:55.696root 11241100x8000000000000000654109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9331b8badc79b39e2021-12-21 12:20:55.696root 11241100x8000000000000000654110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4b601304980f222021-12-21 12:20:55.696root 11241100x8000000000000000654111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4a2f886c111da62021-12-21 12:20:55.696root 11241100x8000000000000000654112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45aa0da90ac972362021-12-21 12:20:55.696root 11241100x8000000000000000654113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d14e839e607d5b32021-12-21 12:20:55.696root 11241100x8000000000000000654114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3464d4146809ae42021-12-21 12:20:55.697root 11241100x8000000000000000654115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbef4e8042ecd1892021-12-21 12:20:55.697root 11241100x8000000000000000654116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc09a70a2c04a752021-12-21 12:20:55.697root 11241100x8000000000000000654117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189c8e501b33963f2021-12-21 12:20:55.697root 11241100x8000000000000000654118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8af90b8de4e8f312021-12-21 12:20:55.697root 11241100x8000000000000000654119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00200c04018536042021-12-21 12:20:55.697root 11241100x8000000000000000654120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fffea713f324d62021-12-21 12:20:55.697root 11241100x8000000000000000654121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8389f0c651beff1e2021-12-21 12:20:55.697root 11241100x8000000000000000654122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670f4a4dca2027802021-12-21 12:20:56.194root 11241100x8000000000000000654123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b519aea2705e312021-12-21 12:20:56.194root 11241100x8000000000000000654124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6494a6fb3cd09b2021-12-21 12:20:56.194root 11241100x8000000000000000654125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9671ea03dd3ddb52021-12-21 12:20:56.194root 11241100x8000000000000000654126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463486816cb467882021-12-21 12:20:56.194root 11241100x8000000000000000654127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea5f00c01984aa32021-12-21 12:20:56.194root 11241100x8000000000000000654128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b828636f6b61a862021-12-21 12:20:56.194root 11241100x8000000000000000654129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c78979fc44987182021-12-21 12:20:56.194root 11241100x8000000000000000654130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b1953d51ea013d2021-12-21 12:20:56.194root 11241100x8000000000000000654131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5d91dfc01661702021-12-21 12:20:56.194root 11241100x8000000000000000654132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05e65a4b909d7fc2021-12-21 12:20:56.194root 11241100x8000000000000000654133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e4e5b8dbf529782021-12-21 12:20:56.194root 11241100x8000000000000000654134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56edbb7af65438d2021-12-21 12:20:56.194root 11241100x8000000000000000654135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f8d2cfe5db247c2021-12-21 12:20:56.195root 11241100x8000000000000000654136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be07b777bd8fcc32021-12-21 12:20:56.195root 11241100x8000000000000000654137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c96887e986c01032021-12-21 12:20:56.195root 11241100x8000000000000000654138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5105cf17f8ccda282021-12-21 12:20:56.195root 11241100x8000000000000000654139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefb2c36fd4e83b72021-12-21 12:20:56.195root 11241100x8000000000000000654140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7354712e30c9f63b2021-12-21 12:20:56.195root 11241100x8000000000000000654141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e3e6be6de5bf0e2021-12-21 12:20:56.195root 11241100x8000000000000000654142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0fb01921a798f52021-12-21 12:20:56.195root 11241100x8000000000000000654143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ca87ad16de360a2021-12-21 12:20:56.195root 11241100x8000000000000000654144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd627205a06204c2021-12-21 12:20:56.195root 11241100x8000000000000000654145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef800bae2e141222021-12-21 12:20:56.195root 11241100x8000000000000000654146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10641913b887f3532021-12-21 12:20:56.195root 11241100x8000000000000000654147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f7cf6d06745f6d2021-12-21 12:20:56.195root 11241100x8000000000000000654148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363a230f186005db2021-12-21 12:20:56.195root 11241100x8000000000000000654149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ffd154b9fa5cb22021-12-21 12:20:56.196root 11241100x8000000000000000654150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6bb6bf66e854ad2021-12-21 12:20:56.694root 11241100x8000000000000000654151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4a23f1358b3dac2021-12-21 12:20:56.694root 11241100x8000000000000000654152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a4f66d648873eb2021-12-21 12:20:56.694root 11241100x8000000000000000654153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879519d746dd62182021-12-21 12:20:56.694root 11241100x8000000000000000654154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ccb90f28dadedb2021-12-21 12:20:56.694root 11241100x8000000000000000654155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56480adb314e6c422021-12-21 12:20:56.694root 11241100x8000000000000000654156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35b392a7a117ca72021-12-21 12:20:56.694root 11241100x8000000000000000654157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f1f0aebfbc054a2021-12-21 12:20:56.694root 11241100x8000000000000000654158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cc9ab6945df3db2021-12-21 12:20:56.694root 11241100x8000000000000000654159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34008170cad547fd2021-12-21 12:20:56.694root 11241100x8000000000000000654160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f5affb45178cd02021-12-21 12:20:56.694root 11241100x8000000000000000654161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2970a4229b75c02021-12-21 12:20:56.694root 11241100x8000000000000000654162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ece7b42dd493232021-12-21 12:20:56.694root 11241100x8000000000000000654163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0906531e81a6a0f42021-12-21 12:20:56.694root 11241100x8000000000000000654164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb95f13db4a2c18f2021-12-21 12:20:56.695root 11241100x8000000000000000654165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984890649a630c562021-12-21 12:20:56.695root 11241100x8000000000000000654166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25ec5e376948b2e2021-12-21 12:20:56.695root 11241100x8000000000000000654167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f469838b2bca51fa2021-12-21 12:20:56.695root 11241100x8000000000000000654168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51572da98dc57e002021-12-21 12:20:56.695root 11241100x8000000000000000654169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05951157c7704f32021-12-21 12:20:56.695root 11241100x8000000000000000654170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4e8c6bc0ba2cd02021-12-21 12:20:56.695root 11241100x8000000000000000654171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0588e70dacfee9c92021-12-21 12:20:56.695root 11241100x8000000000000000654172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e058d522d08f9132021-12-21 12:20:56.695root 11241100x8000000000000000654173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650c3154ba5fd1fe2021-12-21 12:20:56.695root 11241100x8000000000000000654174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9964c0aca82cbe42021-12-21 12:20:56.695root 11241100x8000000000000000654175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4374c43150ce372021-12-21 12:20:56.695root 11241100x8000000000000000654176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b86888b70b2d96e2021-12-21 12:20:56.695root 11241100x8000000000000000654177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410bc99943bf6c232021-12-21 12:20:56.695root 11241100x8000000000000000654178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbaf8d3a83f07422021-12-21 12:20:57.194root 11241100x8000000000000000654179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d855659c071459512021-12-21 12:20:57.194root 11241100x8000000000000000654180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8968ca6175e0c5532021-12-21 12:20:57.194root 11241100x8000000000000000654181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de76c46c3b666ef82021-12-21 12:20:57.194root 11241100x8000000000000000654182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89afb6dff8a9b5712021-12-21 12:20:57.194root 11241100x8000000000000000654183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a834f6803c45e72021-12-21 12:20:57.194root 11241100x8000000000000000654184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21141361d5468ceb2021-12-21 12:20:57.194root 11241100x8000000000000000654185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be257251eef4c5ff2021-12-21 12:20:57.194root 11241100x8000000000000000654186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550d90765b756dc92021-12-21 12:20:57.194root 11241100x8000000000000000654187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d16520b23549302021-12-21 12:20:57.195root 11241100x8000000000000000654188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c9d173242ab5fc2021-12-21 12:20:57.195root 11241100x8000000000000000654189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7698d2b12a4d43072021-12-21 12:20:57.195root 11241100x8000000000000000654190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63c32ed4c85333c2021-12-21 12:20:57.195root 11241100x8000000000000000654191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bb73fbec2be0182021-12-21 12:20:57.195root 11241100x8000000000000000654192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09afe691ade8ad1e2021-12-21 12:20:57.195root 11241100x8000000000000000654193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c7dacda8b930c12021-12-21 12:20:57.195root 11241100x8000000000000000654194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facfc0f4c00689542021-12-21 12:20:57.195root 11241100x8000000000000000654195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacc894576ab398b2021-12-21 12:20:57.195root 11241100x8000000000000000654196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d78ea1083bfd0b12021-12-21 12:20:57.195root 11241100x8000000000000000654197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdb1e95965093642021-12-21 12:20:57.195root 11241100x8000000000000000654198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509bbbf3f513fbaf2021-12-21 12:20:57.195root 11241100x8000000000000000654199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1955db2f3ae2d4782021-12-21 12:20:57.195root 11241100x8000000000000000654200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30332ba2fc2bec52021-12-21 12:20:57.195root 11241100x8000000000000000654201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66c01bc51510e0b2021-12-21 12:20:57.196root 11241100x8000000000000000654202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1153995df49009172021-12-21 12:20:57.196root 11241100x8000000000000000654203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52a8f21b227b3e92021-12-21 12:20:57.196root 11241100x8000000000000000654204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c76f1c1ebb8a9ea2021-12-21 12:20:57.196root 11241100x8000000000000000654205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311b4ca86ee295542021-12-21 12:20:57.196root 11241100x8000000000000000654206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3077f63f25196d92021-12-21 12:20:57.694root 11241100x8000000000000000654207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aeff0482e03c4d52021-12-21 12:20:57.694root 11241100x8000000000000000654208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b69933a6d66cc472021-12-21 12:20:57.694root 11241100x8000000000000000654209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7896eeb18acd502021-12-21 12:20:57.694root 11241100x8000000000000000654210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6324262d83223602021-12-21 12:20:57.694root 11241100x8000000000000000654211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac09c6af8e874dd2021-12-21 12:20:57.694root 11241100x8000000000000000654212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80b43d4a2a8d1a82021-12-21 12:20:57.694root 11241100x8000000000000000654213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1fb9ac3bf2939b2021-12-21 12:20:57.694root 11241100x8000000000000000654214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb642317dc66f472021-12-21 12:20:57.694root 11241100x8000000000000000654215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fa7557fbf328cf2021-12-21 12:20:57.695root 11241100x8000000000000000654216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a157981cd0046dfa2021-12-21 12:20:57.695root 11241100x8000000000000000654217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eec7afdf0df36bc2021-12-21 12:20:57.695root 11241100x8000000000000000654218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f0e4120a9935042021-12-21 12:20:57.695root 11241100x8000000000000000654219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a2291db75ca2e72021-12-21 12:20:57.695root 11241100x8000000000000000654220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b621ca8c01ad812021-12-21 12:20:57.695root 11241100x8000000000000000654221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef5139d1682de452021-12-21 12:20:57.695root 11241100x8000000000000000654222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6e59e2723c11012021-12-21 12:20:57.695root 11241100x8000000000000000654223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267b20f2d37ea1872021-12-21 12:20:57.695root 11241100x8000000000000000654224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0da2a8b8b1fd5a62021-12-21 12:20:57.695root 11241100x8000000000000000654225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f1d90dbb3812952021-12-21 12:20:57.695root 11241100x8000000000000000654226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a148f3e88805d22021-12-21 12:20:57.696root 11241100x8000000000000000654227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342e2ebe52bf5b442021-12-21 12:20:57.696root 11241100x8000000000000000654228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81776ea2d5da68822021-12-21 12:20:57.696root 11241100x8000000000000000654229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511f064346250cb72021-12-21 12:20:57.696root 11241100x8000000000000000654230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e256116789515d0d2021-12-21 12:20:57.696root 11241100x8000000000000000654231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9d2b0b30342abd2021-12-21 12:20:57.696root 11241100x8000000000000000654232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2187661a521994db2021-12-21 12:20:57.696root 11241100x8000000000000000654233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc9615a6ef62a082021-12-21 12:20:57.696root 11241100x8000000000000000654234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95199782fb2eec8c2021-12-21 12:20:58.194root 11241100x8000000000000000654235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc7c8fb62c503da2021-12-21 12:20:58.194root 11241100x8000000000000000654236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fde97f13983fcb2021-12-21 12:20:58.194root 11241100x8000000000000000654237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60006f7f4cd094042021-12-21 12:20:58.194root 11241100x8000000000000000654238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7a14dae671ceec2021-12-21 12:20:58.194root 11241100x8000000000000000654239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e18039e013453762021-12-21 12:20:58.194root 11241100x8000000000000000654240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82208c1130d32b402021-12-21 12:20:58.194root 11241100x8000000000000000654241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e90abd15e6faa9a2021-12-21 12:20:58.194root 11241100x8000000000000000654242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110f784afd3b0ff42021-12-21 12:20:58.194root 11241100x8000000000000000654243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1910c29733494b422021-12-21 12:20:58.194root 11241100x8000000000000000654244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1e817a8d34ae5d2021-12-21 12:20:58.194root 11241100x8000000000000000654245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff3dc4bb375aa2a2021-12-21 12:20:58.194root 11241100x8000000000000000654246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe8ec4ba6cc02402021-12-21 12:20:58.194root 11241100x8000000000000000654247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c1ba3f9ca0c8f92021-12-21 12:20:58.194root 11241100x8000000000000000654248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c96422c468f9092021-12-21 12:20:58.195root 11241100x8000000000000000654249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74032ded9b631282021-12-21 12:20:58.195root 11241100x8000000000000000654250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93a7c66806ef58c2021-12-21 12:20:58.195root 11241100x8000000000000000654251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d28850fb88dafc2021-12-21 12:20:58.195root 11241100x8000000000000000654252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86113481dc46b45f2021-12-21 12:20:58.195root 11241100x8000000000000000654253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9465778569a06b022021-12-21 12:20:58.195root 11241100x8000000000000000654254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2199c30412eee22021-12-21 12:20:58.195root 11241100x8000000000000000654255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cbac599ff6d8102021-12-21 12:20:58.195root 11241100x8000000000000000654256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a737166bf97aa3b2021-12-21 12:20:58.195root 11241100x8000000000000000654257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee323cf97237b6b2021-12-21 12:20:58.195root 11241100x8000000000000000654258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1016c52ed38584452021-12-21 12:20:58.195root 11241100x8000000000000000654259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9973ce2d4d22182021-12-21 12:20:58.195root 11241100x8000000000000000654260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b004349a96bd2102021-12-21 12:20:58.196root 11241100x8000000000000000654261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6331b333cb7df1662021-12-21 12:20:58.196root 354300x8000000000000000654262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.227{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49858-false10.0.1.12-8000- 11241100x8000000000000000654263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e6c7b04901a0c22021-12-21 12:20:58.694root 11241100x8000000000000000654264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3dc2632da5ba192021-12-21 12:20:58.694root 11241100x8000000000000000654265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7edb6868d0026332021-12-21 12:20:58.694root 11241100x8000000000000000654266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d453c46e0f74ed2021-12-21 12:20:58.694root 11241100x8000000000000000654267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cf03cd4488ede92021-12-21 12:20:58.694root 11241100x8000000000000000654268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462848f677500af52021-12-21 12:20:58.694root 11241100x8000000000000000654269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5070a492055e54df2021-12-21 12:20:58.694root 11241100x8000000000000000654270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f623802bcd73240e2021-12-21 12:20:58.694root 11241100x8000000000000000654271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d31a75581a93fd2021-12-21 12:20:58.694root 11241100x8000000000000000654272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a61d0265a27c5b2021-12-21 12:20:58.695root 11241100x8000000000000000654273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3542dbe71419ef2021-12-21 12:20:58.695root 11241100x8000000000000000654274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e89592df5fe12a2021-12-21 12:20:58.695root 11241100x8000000000000000654275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538f5981d26df6692021-12-21 12:20:58.695root 11241100x8000000000000000654276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c3a05fb0f34eaf2021-12-21 12:20:58.695root 11241100x8000000000000000654277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a10fb4cfb933faf2021-12-21 12:20:58.695root 11241100x8000000000000000654278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce61ce4e678127592021-12-21 12:20:58.695root 11241100x8000000000000000654279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4640dd0af05e932021-12-21 12:20:58.695root 11241100x8000000000000000654280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd4173d5425c8822021-12-21 12:20:58.696root 11241100x8000000000000000654281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe4274a9f9187902021-12-21 12:20:58.696root 11241100x8000000000000000654282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cb79fc717d0dd92021-12-21 12:20:58.696root 11241100x8000000000000000654283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18ee7e4692713832021-12-21 12:20:58.696root 11241100x8000000000000000654284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88e9f901b4826c52021-12-21 12:20:58.697root 11241100x8000000000000000654285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65210282cdc6ac592021-12-21 12:20:58.697root 11241100x8000000000000000654286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d96629aa2272d12021-12-21 12:20:58.697root 11241100x8000000000000000654287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509306e690e01ceb2021-12-21 12:20:58.697root 11241100x8000000000000000654288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893cb80d99de213b2021-12-21 12:20:58.697root 11241100x8000000000000000654289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b72d921220e1e82021-12-21 12:20:58.697root 11241100x8000000000000000654290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8f29a02507244e2021-12-21 12:20:58.697root 11241100x8000000000000000654291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef929bf6548003992021-12-21 12:20:58.697root 11241100x8000000000000000654292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbe0b9ce8b6c5472021-12-21 12:20:59.194root 11241100x8000000000000000654293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d5bbafb659f2032021-12-21 12:20:59.194root 11241100x8000000000000000654294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f073184525c5e0b2021-12-21 12:20:59.194root 11241100x8000000000000000654295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b06fc0103023b12021-12-21 12:20:59.194root 11241100x8000000000000000654296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d573af57841358762021-12-21 12:20:59.194root 11241100x8000000000000000654297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f24ac70b73872d62021-12-21 12:20:59.194root 11241100x8000000000000000654298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6842becced675e6f2021-12-21 12:20:59.194root 11241100x8000000000000000654299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae58403306121c5f2021-12-21 12:20:59.194root 11241100x8000000000000000654300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c3250605c5768d2021-12-21 12:20:59.194root 11241100x8000000000000000654301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae086607be791452021-12-21 12:20:59.195root 11241100x8000000000000000654302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a969d3a0093ad6b72021-12-21 12:20:59.195root 11241100x8000000000000000654303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f67f75e88439ee2021-12-21 12:20:59.195root 11241100x8000000000000000654304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa3a5aa939d038e2021-12-21 12:20:59.195root 11241100x8000000000000000654305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375e8e53909f46ef2021-12-21 12:20:59.195root 11241100x8000000000000000654306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfabec3c81fd02a2021-12-21 12:20:59.195root 11241100x8000000000000000654307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb765b65e2bc5e72021-12-21 12:20:59.195root 11241100x8000000000000000654308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223ee15fa900fecf2021-12-21 12:20:59.195root 11241100x8000000000000000654309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41437682a71190a72021-12-21 12:20:59.195root 11241100x8000000000000000654310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e387866b13934d2021-12-21 12:20:59.195root 11241100x8000000000000000654311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc932ba192065e32021-12-21 12:20:59.196root 11241100x8000000000000000654312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf25e50145ab90502021-12-21 12:20:59.196root 11241100x8000000000000000654313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff1ebff4bf660c42021-12-21 12:20:59.196root 11241100x8000000000000000654314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c003d9f99f863b552021-12-21 12:20:59.196root 11241100x8000000000000000654315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca0a153184cfc702021-12-21 12:20:59.196root 11241100x8000000000000000654316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b32bc4e6ca45102021-12-21 12:20:59.196root 11241100x8000000000000000654317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee3edb90219f5422021-12-21 12:20:59.197root 11241100x8000000000000000654318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1310f80ee66a6962021-12-21 12:20:59.197root 11241100x8000000000000000654319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c39d69e7049a6c2021-12-21 12:20:59.197root 11241100x8000000000000000654320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12039ac2221c64822021-12-21 12:20:59.197root 11241100x8000000000000000654321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52df85b270bf50962021-12-21 12:20:59.694root 11241100x8000000000000000654322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08381a86ed677fb2021-12-21 12:20:59.694root 11241100x8000000000000000654323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373f1bb22c08cc192021-12-21 12:20:59.694root 11241100x8000000000000000654324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33530cfbdc0130142021-12-21 12:20:59.694root 11241100x8000000000000000654325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23429e20e08179c92021-12-21 12:20:59.694root 11241100x8000000000000000654326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1f7220bdd9f2392021-12-21 12:20:59.694root 11241100x8000000000000000654327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c07d36a8c7519e42021-12-21 12:20:59.694root 11241100x8000000000000000654328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cc75d0480867ba2021-12-21 12:20:59.694root 11241100x8000000000000000654329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46303f873646e6c2021-12-21 12:20:59.694root 11241100x8000000000000000654330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94aee391e08a807b2021-12-21 12:20:59.694root 11241100x8000000000000000654331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5ffc2c4d0be0612021-12-21 12:20:59.695root 11241100x8000000000000000654332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47f61c88a50bd1d2021-12-21 12:20:59.695root 11241100x8000000000000000654333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c874a2ca683e1ed2021-12-21 12:20:59.695root 11241100x8000000000000000654334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127d7a14983c073f2021-12-21 12:20:59.695root 11241100x8000000000000000654335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0622a8fff4f15bcf2021-12-21 12:20:59.695root 11241100x8000000000000000654336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976b3aadeb862a3b2021-12-21 12:20:59.695root 11241100x8000000000000000654337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603f99fe3e4a605f2021-12-21 12:20:59.695root 11241100x8000000000000000654338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b0f1bff77911ec2021-12-21 12:20:59.695root 11241100x8000000000000000654339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e3c067797896872021-12-21 12:20:59.695root 11241100x8000000000000000654340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4482cd58c422c0da2021-12-21 12:20:59.695root 11241100x8000000000000000654341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de3c028c3760b402021-12-21 12:20:59.696root 11241100x8000000000000000654342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e82f50deb0d6fc2021-12-21 12:20:59.696root 11241100x8000000000000000654343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52aecc2781e8369b2021-12-21 12:20:59.696root 11241100x8000000000000000654344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56246c432c5397b62021-12-21 12:20:59.696root 11241100x8000000000000000654345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5aef63c8136dad2021-12-21 12:20:59.696root 11241100x8000000000000000654346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6dd97ec34c687b2021-12-21 12:20:59.696root 11241100x8000000000000000654347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cbbf1bf48a22422021-12-21 12:20:59.697root 11241100x8000000000000000654348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f7d04b8fe4dd5c2021-12-21 12:20:59.697root 11241100x8000000000000000654349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:20:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0dd84bba711c272021-12-21 12:20:59.697root 11241100x8000000000000000654350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac986bb69f9c97792021-12-21 12:21:00.194root 11241100x8000000000000000654351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977e63646828cbbb2021-12-21 12:21:00.194root 11241100x8000000000000000654352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db117b8e8d92d9d2021-12-21 12:21:00.194root 11241100x8000000000000000654353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92545ff1cb8c40662021-12-21 12:21:00.194root 11241100x8000000000000000654354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc5000023f49cc72021-12-21 12:21:00.194root 11241100x8000000000000000654355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03db7645249fb9ad2021-12-21 12:21:00.194root 11241100x8000000000000000654356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343d90afded9b2652021-12-21 12:21:00.194root 11241100x8000000000000000654357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e365e1b714811ea2021-12-21 12:21:00.194root 11241100x8000000000000000654358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defb2c4bbfb5c7ff2021-12-21 12:21:00.194root 11241100x8000000000000000654359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d6330b42ac78bb2021-12-21 12:21:00.195root 11241100x8000000000000000654360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f8827445cdef2b2021-12-21 12:21:00.195root 11241100x8000000000000000654361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace7ebfd5ca6c35a2021-12-21 12:21:00.195root 11241100x8000000000000000654362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb4148e943f5ba82021-12-21 12:21:00.195root 11241100x8000000000000000654363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572f820374c4c8182021-12-21 12:21:00.195root 11241100x8000000000000000654364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a330bc6f978beb7c2021-12-21 12:21:00.196root 11241100x8000000000000000654365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939f8e3f4448e7b32021-12-21 12:21:00.196root 11241100x8000000000000000654366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169b7b3ecd3eb34d2021-12-21 12:21:00.196root 11241100x8000000000000000654367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa965ebf20d37f3a2021-12-21 12:21:00.196root 11241100x8000000000000000654368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac4fd9a2ccf70a82021-12-21 12:21:00.196root 11241100x8000000000000000654369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ebea149b7d67ea2021-12-21 12:21:00.196root 11241100x8000000000000000654370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8684a1253057fe902021-12-21 12:21:00.197root 11241100x8000000000000000654371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2301a91f12777d7f2021-12-21 12:21:00.197root 11241100x8000000000000000654372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de38d5e52294c02f2021-12-21 12:21:00.197root 11241100x8000000000000000654373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f4a9dd5e622fad2021-12-21 12:21:00.197root 11241100x8000000000000000654374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d7afb5b62ff4232021-12-21 12:21:00.197root 11241100x8000000000000000654375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173af883258677342021-12-21 12:21:00.201root 11241100x8000000000000000654376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4f12dc9776c7fd2021-12-21 12:21:00.201root 11241100x8000000000000000654377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9803239df3074442021-12-21 12:21:00.201root 11241100x8000000000000000654378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff551c1bcd3ad262021-12-21 12:21:00.201root 11241100x8000000000000000654379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a21e960019332a2021-12-21 12:21:00.694root 11241100x8000000000000000654380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786adfe2da42b4c22021-12-21 12:21:00.694root 11241100x8000000000000000654381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406023d02b48bbd62021-12-21 12:21:00.694root 11241100x8000000000000000654382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff6590cb00fed1d2021-12-21 12:21:00.694root 11241100x8000000000000000654383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc1db1ea95c5ed12021-12-21 12:21:00.694root 11241100x8000000000000000654384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7122dd006fcf28e2021-12-21 12:21:00.694root 11241100x8000000000000000654385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0bcdd6407fea892021-12-21 12:21:00.694root 11241100x8000000000000000654386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37eaad211c3a56ba2021-12-21 12:21:00.694root 11241100x8000000000000000654387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db06d7543b3a3442021-12-21 12:21:00.694root 11241100x8000000000000000654388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885aa010d02444af2021-12-21 12:21:00.694root 11241100x8000000000000000654389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822e790cc946f7612021-12-21 12:21:00.694root 11241100x8000000000000000654390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb194667374497d32021-12-21 12:21:00.695root 11241100x8000000000000000654391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61092a01833507582021-12-21 12:21:00.695root 11241100x8000000000000000654392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe81e620be72b8c22021-12-21 12:21:00.695root 11241100x8000000000000000654393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dc1959f1aca3f92021-12-21 12:21:00.695root 11241100x8000000000000000654394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4331b0cbd8b51b002021-12-21 12:21:00.695root 11241100x8000000000000000654395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d03d698eb5bdde72021-12-21 12:21:00.695root 11241100x8000000000000000654396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3beba8bab6d7d0b62021-12-21 12:21:00.695root 11241100x8000000000000000654397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70371bfcdc960dc2021-12-21 12:21:00.695root 11241100x8000000000000000654398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1512ae191d25032c2021-12-21 12:21:00.695root 11241100x8000000000000000654399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a677de06b8a40d152021-12-21 12:21:00.696root 11241100x8000000000000000654400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf44c47e0b57fe522021-12-21 12:21:00.696root 11241100x8000000000000000654401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ba6af1c35cf63d2021-12-21 12:21:00.696root 11241100x8000000000000000654402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bf87882ccfef212021-12-21 12:21:00.696root 11241100x8000000000000000654403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478f0e80d0277db92021-12-21 12:21:00.696root 11241100x8000000000000000654404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88da1c64331ab6102021-12-21 12:21:00.696root 11241100x8000000000000000654405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d064ce7d4f327a9f2021-12-21 12:21:00.696root 11241100x8000000000000000654406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b1c7f35e668d482021-12-21 12:21:00.696root 11241100x8000000000000000654407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92208582391dead12021-12-21 12:21:00.696root 11241100x8000000000000000654408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f905bf4682dbd12021-12-21 12:21:01.194root 11241100x8000000000000000654409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5143eac03bed5f2021-12-21 12:21:01.194root 11241100x8000000000000000654410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c5ec18b729f97f2021-12-21 12:21:01.194root 11241100x8000000000000000654411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad1ec48e92a85f72021-12-21 12:21:01.194root 11241100x8000000000000000654412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74893f5003e565852021-12-21 12:21:01.194root 11241100x8000000000000000654413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf863d177d973be2021-12-21 12:21:01.194root 11241100x8000000000000000654414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41b2873dccc9e8b2021-12-21 12:21:01.194root 11241100x8000000000000000654415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa5a88f4d9492452021-12-21 12:21:01.194root 11241100x8000000000000000654416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f011074ef7cd9d4f2021-12-21 12:21:01.194root 11241100x8000000000000000654417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf3eb95240d3b142021-12-21 12:21:01.194root 11241100x8000000000000000654418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2229b33fa8adcbe02021-12-21 12:21:01.194root 11241100x8000000000000000654419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a964006e6b2e6392021-12-21 12:21:01.195root 11241100x8000000000000000654420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861aad1c0bbb193e2021-12-21 12:21:01.195root 11241100x8000000000000000654421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f875053fbc8b93282021-12-21 12:21:01.195root 11241100x8000000000000000654422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a795e74e694769192021-12-21 12:21:01.195root 11241100x8000000000000000654423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c160614924cc5782021-12-21 12:21:01.195root 11241100x8000000000000000654424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884614ab651b9b732021-12-21 12:21:01.195root 11241100x8000000000000000654425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028d092b09bf14442021-12-21 12:21:01.195root 11241100x8000000000000000654426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062d6e2e882793872021-12-21 12:21:01.195root 11241100x8000000000000000654427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66e85552f7e809a2021-12-21 12:21:01.195root 11241100x8000000000000000654428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbb4c209f756fbe2021-12-21 12:21:01.195root 11241100x8000000000000000654429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f3b2652e542d652021-12-21 12:21:01.196root 11241100x8000000000000000654430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301182ea2570f6c92021-12-21 12:21:01.196root 11241100x8000000000000000654431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4838e1e5e485708e2021-12-21 12:21:01.196root 11241100x8000000000000000654432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38b93734bb297f02021-12-21 12:21:01.196root 11241100x8000000000000000654433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26cd186a4500d4d2021-12-21 12:21:01.196root 11241100x8000000000000000654434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66a48d4d2cd7e502021-12-21 12:21:01.196root 11241100x8000000000000000654435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0beda0bfc224070c2021-12-21 12:21:01.196root 11241100x8000000000000000654436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f500313122e7ef52021-12-21 12:21:01.196root 11241100x8000000000000000654437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571236fd4e3d88c52021-12-21 12:21:01.694root 11241100x8000000000000000654438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a7cf7bd6099b212021-12-21 12:21:01.694root 11241100x8000000000000000654439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755fd3f24db733752021-12-21 12:21:01.694root 11241100x8000000000000000654440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e7c237d7e34a792021-12-21 12:21:01.694root 11241100x8000000000000000654441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cc4be160caf16f2021-12-21 12:21:01.694root 11241100x8000000000000000654442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0487ea53cf14ffe2021-12-21 12:21:01.694root 11241100x8000000000000000654443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5c923ecd84f4202021-12-21 12:21:01.694root 11241100x8000000000000000654444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d609755d627ab12021-12-21 12:21:01.694root 11241100x8000000000000000654445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814c7fea546c5d042021-12-21 12:21:01.694root 11241100x8000000000000000654446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444f06cb9bc087f92021-12-21 12:21:01.695root 11241100x8000000000000000654447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce477872168516b2021-12-21 12:21:01.695root 11241100x8000000000000000654448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda36f0c9948dd1a2021-12-21 12:21:01.695root 11241100x8000000000000000654449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1157ad3cd54e00192021-12-21 12:21:01.695root 11241100x8000000000000000654450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2d7557a93a06622021-12-21 12:21:01.695root 11241100x8000000000000000654451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b7733af71092e02021-12-21 12:21:01.695root 11241100x8000000000000000654452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0610334b0d8ba5dd2021-12-21 12:21:01.695root 11241100x8000000000000000654453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004deba01073419a2021-12-21 12:21:01.696root 11241100x8000000000000000654454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b39d3de9b7b2f82021-12-21 12:21:01.696root 11241100x8000000000000000654455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a626cde4e98bf8cf2021-12-21 12:21:01.696root 11241100x8000000000000000654456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1617cda0cc732a22021-12-21 12:21:01.696root 11241100x8000000000000000654457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df16c4d8a391d9372021-12-21 12:21:01.696root 11241100x8000000000000000654458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92503ccbee42e1d2021-12-21 12:21:01.696root 11241100x8000000000000000654459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22019e5574b52702021-12-21 12:21:01.697root 11241100x8000000000000000654460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9579d2d950afc0b82021-12-21 12:21:01.697root 11241100x8000000000000000654461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae3e8a11efa09b92021-12-21 12:21:01.697root 11241100x8000000000000000654462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b41ef555d8dc752021-12-21 12:21:01.697root 11241100x8000000000000000654463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bfe16230d257bf2021-12-21 12:21:01.697root 11241100x8000000000000000654464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec91c34c3b44aa62021-12-21 12:21:01.698root 11241100x8000000000000000654465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844202a36caf2e6a2021-12-21 12:21:01.698root 11241100x8000000000000000654466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70719f320159f2cd2021-12-21 12:21:02.194root 11241100x8000000000000000654467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6271dfd682e5492021-12-21 12:21:02.194root 11241100x8000000000000000654468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac9ba1a122041b32021-12-21 12:21:02.194root 11241100x8000000000000000654469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e9d3c610a130bf2021-12-21 12:21:02.194root 11241100x8000000000000000654470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0caa40ccb67b402021-12-21 12:21:02.194root 11241100x8000000000000000654471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1441bb0f4ccbbe2021-12-21 12:21:02.194root 11241100x8000000000000000654472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b927eddd71ff34212021-12-21 12:21:02.194root 11241100x8000000000000000654473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59066b4cb0052ae32021-12-21 12:21:02.194root 11241100x8000000000000000654474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb4840a4e0c171e2021-12-21 12:21:02.194root 11241100x8000000000000000654475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295ef5070ddeaad62021-12-21 12:21:02.194root 11241100x8000000000000000654476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879176c36cfe1bcb2021-12-21 12:21:02.195root 11241100x8000000000000000654477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08036461c518d9b32021-12-21 12:21:02.195root 11241100x8000000000000000654478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda802c7adf0377a2021-12-21 12:21:02.195root 11241100x8000000000000000654479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640b4a98a18759702021-12-21 12:21:02.195root 11241100x8000000000000000654480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0118c41d7d0e58082021-12-21 12:21:02.195root 11241100x8000000000000000654481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdb25d374fe2e1f2021-12-21 12:21:02.195root 11241100x8000000000000000654482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe58f5d9787891362021-12-21 12:21:02.195root 11241100x8000000000000000654483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7dfebb750bb66ae2021-12-21 12:21:02.195root 11241100x8000000000000000654484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20be3f3b13398b332021-12-21 12:21:02.195root 11241100x8000000000000000654485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a7420559d1fa842021-12-21 12:21:02.195root 11241100x8000000000000000654486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caaa3ab984314e032021-12-21 12:21:02.195root 11241100x8000000000000000654487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d266ba31e9136cd2021-12-21 12:21:02.196root 11241100x8000000000000000654488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d64bc9ae151b8b2021-12-21 12:21:02.196root 11241100x8000000000000000654489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a955efdc400133132021-12-21 12:21:02.196root 11241100x8000000000000000654490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8d16a7e279160a2021-12-21 12:21:02.196root 11241100x8000000000000000654491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0f12446aaa94f62021-12-21 12:21:02.196root 11241100x8000000000000000654492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f10cfbfa390d6662021-12-21 12:21:02.196root 11241100x8000000000000000654493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b34a4e5619067a2021-12-21 12:21:02.196root 11241100x8000000000000000654494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b5655a65eb65eb2021-12-21 12:21:02.196root 11241100x8000000000000000654495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a1d43a2c1d387d2021-12-21 12:21:02.694root 11241100x8000000000000000654496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c83eae6af26e2832021-12-21 12:21:02.694root 11241100x8000000000000000654497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43aff5b179dcaca2021-12-21 12:21:02.694root 11241100x8000000000000000654498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d35b2febbb82f22021-12-21 12:21:02.694root 11241100x8000000000000000654499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3740fdfb468d1f3b2021-12-21 12:21:02.694root 11241100x8000000000000000654500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9499be66e779f372021-12-21 12:21:02.694root 11241100x8000000000000000654501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfbd9031d7109e62021-12-21 12:21:02.694root 11241100x8000000000000000654502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b09e5d870ec7e6c2021-12-21 12:21:02.694root 11241100x8000000000000000654503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7caa777d8488072021-12-21 12:21:02.694root 11241100x8000000000000000654504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edc9be9b036fd792021-12-21 12:21:02.695root 11241100x8000000000000000654505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f129e4ba7161632021-12-21 12:21:02.695root 11241100x8000000000000000654506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2d50b22cba144f2021-12-21 12:21:02.695root 11241100x8000000000000000654507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1440b345dfd9c83e2021-12-21 12:21:02.695root 11241100x8000000000000000654508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82feef2ccf01d7682021-12-21 12:21:02.695root 11241100x8000000000000000654509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121c8a700fdde59c2021-12-21 12:21:02.695root 11241100x8000000000000000654510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5c5a59a2ad0c082021-12-21 12:21:02.695root 11241100x8000000000000000654511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c712944af1d358322021-12-21 12:21:02.695root 11241100x8000000000000000654512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb831990dc15bd242021-12-21 12:21:02.695root 11241100x8000000000000000654513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc8494fdfe841db2021-12-21 12:21:02.695root 11241100x8000000000000000654514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f1d3f41c48ece62021-12-21 12:21:02.696root 11241100x8000000000000000654515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a15278a33463e22021-12-21 12:21:02.696root 11241100x8000000000000000654516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3367dd2dd2539d2021-12-21 12:21:02.696root 11241100x8000000000000000654517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03177b5058522ac2021-12-21 12:21:02.696root 11241100x8000000000000000654518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b31aa8a41645ece2021-12-21 12:21:02.696root 11241100x8000000000000000654519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f778445d6f88508f2021-12-21 12:21:02.696root 11241100x8000000000000000654520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a39618f67d9907e2021-12-21 12:21:02.696root 11241100x8000000000000000654521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39eee1e1010ef2b2021-12-21 12:21:02.696root 11241100x8000000000000000654522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39057be3dcc2d9672021-12-21 12:21:02.696root 11241100x8000000000000000654523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d6ca338c389ed52021-12-21 12:21:02.696root 11241100x8000000000000000654524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86bb6760d8060ff2021-12-21 12:21:03.194root 11241100x8000000000000000654525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fde850421a948a12021-12-21 12:21:03.194root 11241100x8000000000000000654526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dad4bac6e568ec2021-12-21 12:21:03.194root 11241100x8000000000000000654527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df5304d6d4369592021-12-21 12:21:03.194root 11241100x8000000000000000654528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c2e4d0a0f219802021-12-21 12:21:03.194root 11241100x8000000000000000654529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f47c171a2f62d32021-12-21 12:21:03.194root 11241100x8000000000000000654530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7fd38e32acf1762021-12-21 12:21:03.194root 11241100x8000000000000000654531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4abbc2bbc98bd42021-12-21 12:21:03.194root 11241100x8000000000000000654532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49e39513a6b51842021-12-21 12:21:03.195root 11241100x8000000000000000654533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d28849bef44efc2021-12-21 12:21:03.195root 11241100x8000000000000000654534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540c56437c352d5d2021-12-21 12:21:03.195root 11241100x8000000000000000654535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10e2054c28fe5b02021-12-21 12:21:03.195root 11241100x8000000000000000654536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86976565d8daad82021-12-21 12:21:03.195root 11241100x8000000000000000654537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53df034ada57af052021-12-21 12:21:03.195root 11241100x8000000000000000654538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ffa6c9572736942021-12-21 12:21:03.195root 11241100x8000000000000000654539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a354e96f83ed74182021-12-21 12:21:03.195root 11241100x8000000000000000654540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988220ea4d54a4662021-12-21 12:21:03.195root 11241100x8000000000000000654541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c953350325c13682021-12-21 12:21:03.195root 11241100x8000000000000000654542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca91613a28fc6f792021-12-21 12:21:03.196root 11241100x8000000000000000654543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fab91badf837cd2021-12-21 12:21:03.196root 11241100x8000000000000000654544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136097d35477c14a2021-12-21 12:21:03.196root 11241100x8000000000000000654545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440692f1cd484a352021-12-21 12:21:03.196root 11241100x8000000000000000654546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df30768ce9b1903d2021-12-21 12:21:03.196root 11241100x8000000000000000654547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a40837218e72b2b2021-12-21 12:21:03.196root 11241100x8000000000000000654548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea49c32153bdad532021-12-21 12:21:03.196root 11241100x8000000000000000654549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9f0aa209e3cf8a2021-12-21 12:21:03.196root 11241100x8000000000000000654550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507278dacc15ea892021-12-21 12:21:03.196root 11241100x8000000000000000654551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2136b4c0c32e0672021-12-21 12:21:03.196root 11241100x8000000000000000654552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacc2eae12f24d962021-12-21 12:21:03.196root 11241100x8000000000000000654553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf2c94e796058ff2021-12-21 12:21:03.694root 11241100x8000000000000000654554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c4adecbc433ec02021-12-21 12:21:03.694root 11241100x8000000000000000654555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241239388453fb7d2021-12-21 12:21:03.694root 11241100x8000000000000000654556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e825b3d07abb86f72021-12-21 12:21:03.694root 11241100x8000000000000000654557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf899870ba4e2ed52021-12-21 12:21:03.694root 11241100x8000000000000000654558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191c028361209e9d2021-12-21 12:21:03.694root 11241100x8000000000000000654559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb49be05a62ecce2021-12-21 12:21:03.694root 11241100x8000000000000000654560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06424812090b3802021-12-21 12:21:03.694root 11241100x8000000000000000654561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c2293528cbbd022021-12-21 12:21:03.695root 11241100x8000000000000000654562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1f225a81e2a8992021-12-21 12:21:03.695root 11241100x8000000000000000654563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5c7c77b0c8e7632021-12-21 12:21:03.695root 11241100x8000000000000000654564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5cdbe1d85f01722021-12-21 12:21:03.695root 11241100x8000000000000000654565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baad5e8b6c1dfe5a2021-12-21 12:21:03.695root 11241100x8000000000000000654566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecab228cfa0677d2021-12-21 12:21:03.695root 11241100x8000000000000000654567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29474cc06fab89a22021-12-21 12:21:03.695root 11241100x8000000000000000654568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712595e55b84f42a2021-12-21 12:21:03.695root 11241100x8000000000000000654569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449510e7c8ec354a2021-12-21 12:21:03.695root 11241100x8000000000000000654570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1266c0a57e864ff2021-12-21 12:21:03.695root 11241100x8000000000000000654571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c364abfb68e9e6c02021-12-21 12:21:03.696root 11241100x8000000000000000654572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f1293a3224eea72021-12-21 12:21:03.696root 11241100x8000000000000000654573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6e21ca505f075c2021-12-21 12:21:03.697root 11241100x8000000000000000654574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11c94403e39a8d42021-12-21 12:21:03.697root 11241100x8000000000000000654575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bf7dc7e29c1aca2021-12-21 12:21:03.697root 11241100x8000000000000000654576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe3b73fd9e810a52021-12-21 12:21:03.697root 11241100x8000000000000000654577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11754093999974cb2021-12-21 12:21:03.697root 11241100x8000000000000000654578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7a3f27b7ef4c122021-12-21 12:21:03.697root 11241100x8000000000000000654579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd749e5e4b41c472021-12-21 12:21:03.697root 11241100x8000000000000000654580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9d936ee160ec8f2021-12-21 12:21:03.697root 11241100x8000000000000000654581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:03.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09d32a53f6a734f2021-12-21 12:21:03.698root 354300x8000000000000000654582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.136{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49860-false10.0.1.12-8000- 11241100x8000000000000000654583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fd73e7998a4c1d2021-12-21 12:21:04.137root 11241100x8000000000000000654584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1117b983284517d2021-12-21 12:21:04.137root 11241100x8000000000000000654585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99d7dd21b2441292021-12-21 12:21:04.137root 11241100x8000000000000000654586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e3ea2cee6d7ac92021-12-21 12:21:04.137root 11241100x8000000000000000654587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7214609f6a6a3b2e2021-12-21 12:21:04.137root 11241100x8000000000000000654588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a352b9eee413d432021-12-21 12:21:04.138root 11241100x8000000000000000654589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fed530ad087e4982021-12-21 12:21:04.138root 11241100x8000000000000000654590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94de9c683c17fd2e2021-12-21 12:21:04.138root 11241100x8000000000000000654591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92245ccd5f1ac382021-12-21 12:21:04.138root 11241100x8000000000000000654592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7277514df75f93f52021-12-21 12:21:04.138root 11241100x8000000000000000654593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5019bd9d4a9b782021-12-21 12:21:04.138root 11241100x8000000000000000654594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c088853088befa42021-12-21 12:21:04.138root 11241100x8000000000000000654595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4215326095bbe02021-12-21 12:21:04.138root 11241100x8000000000000000654596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e76bdd40c2806f2021-12-21 12:21:04.138root 11241100x8000000000000000654597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeedb9295927561c2021-12-21 12:21:04.138root 11241100x8000000000000000654598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c156286f016d6f02021-12-21 12:21:04.138root 11241100x8000000000000000654599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806ffd4a238648682021-12-21 12:21:04.139root 11241100x8000000000000000654600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb0b3707def15e42021-12-21 12:21:04.139root 11241100x8000000000000000654601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0820c39c3a278ce52021-12-21 12:21:04.139root 11241100x8000000000000000654602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b64463f48225aa12021-12-21 12:21:04.139root 11241100x8000000000000000654603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31eaeaa867f5f7722021-12-21 12:21:04.139root 11241100x8000000000000000654604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd09f96df2ff1712021-12-21 12:21:04.139root 11241100x8000000000000000654605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c9ecaab33334dc2021-12-21 12:21:04.139root 11241100x8000000000000000654606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cab1258fac703372021-12-21 12:21:04.139root 11241100x8000000000000000654607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77900ed5fcb08f1d2021-12-21 12:21:04.139root 11241100x8000000000000000654608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d23d9543ed3c7d12021-12-21 12:21:04.139root 11241100x8000000000000000654609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaae1c86ee4ead42021-12-21 12:21:04.139root 11241100x8000000000000000654610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f56585f6716478d2021-12-21 12:21:04.140root 11241100x8000000000000000654611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d866d48f77105c92021-12-21 12:21:04.140root 11241100x8000000000000000654612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26979705c2cfbd842021-12-21 12:21:04.140root 11241100x8000000000000000654613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fc572fd21fc23f2021-12-21 12:21:04.443root 11241100x8000000000000000654614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2994d410132beaa02021-12-21 12:21:04.443root 11241100x8000000000000000654615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8074f701bf0c02652021-12-21 12:21:04.443root 11241100x8000000000000000654616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166ada55f66e90b02021-12-21 12:21:04.444root 11241100x8000000000000000654617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e31e7ba96845f92021-12-21 12:21:04.444root 11241100x8000000000000000654618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f1295f9c61e4962021-12-21 12:21:04.444root 11241100x8000000000000000654619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cab3909043dc2c2021-12-21 12:21:04.444root 11241100x8000000000000000654620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa77dd8564a228e62021-12-21 12:21:04.444root 11241100x8000000000000000654621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77af43e9c384f3962021-12-21 12:21:04.444root 11241100x8000000000000000654622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfc546205d7b5202021-12-21 12:21:04.444root 11241100x8000000000000000654623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2b05a508ae643e2021-12-21 12:21:04.444root 11241100x8000000000000000654624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccd906962fa24ed2021-12-21 12:21:04.444root 11241100x8000000000000000654625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee905a542046be92021-12-21 12:21:04.444root 11241100x8000000000000000654626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7240fdc6f4ad492021-12-21 12:21:04.444root 11241100x8000000000000000654627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3eaf2e2672195192021-12-21 12:21:04.444root 11241100x8000000000000000654628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de444efffca05a552021-12-21 12:21:04.444root 11241100x8000000000000000654629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928cadb7fdfb7a142021-12-21 12:21:04.444root 11241100x8000000000000000654630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e927378550c680342021-12-21 12:21:04.445root 11241100x8000000000000000654631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04b9c2c5ee70d4a2021-12-21 12:21:04.445root 11241100x8000000000000000654632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e7f8de0b87837d2021-12-21 12:21:04.445root 11241100x8000000000000000654633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c05573bbc7a62842021-12-21 12:21:04.445root 11241100x8000000000000000654634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c19135976efd2142021-12-21 12:21:04.445root 11241100x8000000000000000654635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628119da782a0bb52021-12-21 12:21:04.445root 11241100x8000000000000000654636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880dfd9297110e152021-12-21 12:21:04.445root 11241100x8000000000000000654637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbce476959a0538b2021-12-21 12:21:04.445root 11241100x8000000000000000654638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e208f1cfb7c38c2021-12-21 12:21:04.445root 11241100x8000000000000000654639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71665a3bc0a3e2472021-12-21 12:21:04.445root 11241100x8000000000000000654640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0451e4ec9010e5882021-12-21 12:21:04.445root 11241100x8000000000000000654641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0162619b22a4cd2021-12-21 12:21:04.445root 11241100x8000000000000000654642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b521bc5fba473f5f2021-12-21 12:21:04.446root 11241100x8000000000000000654643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338144924a0ed9972021-12-21 12:21:04.943root 11241100x8000000000000000654644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2242f44d87d2b62021-12-21 12:21:04.943root 11241100x8000000000000000654645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cd1ffd4fd753662021-12-21 12:21:04.943root 11241100x8000000000000000654646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d245335d1130ef2021-12-21 12:21:04.943root 11241100x8000000000000000654647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ebfee219e8a2d02021-12-21 12:21:04.944root 11241100x8000000000000000654648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40320dfbc5dce1832021-12-21 12:21:04.944root 11241100x8000000000000000654649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf041f081bbc5fc2021-12-21 12:21:04.944root 11241100x8000000000000000654650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d278c45c9244a42021-12-21 12:21:04.944root 11241100x8000000000000000654651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34eb28a6ef469c32021-12-21 12:21:04.944root 11241100x8000000000000000654652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fa0bcc398df0252021-12-21 12:21:04.944root 11241100x8000000000000000654653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0457061aeb5dd0b62021-12-21 12:21:04.944root 11241100x8000000000000000654654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1c3934ebf1722f2021-12-21 12:21:04.944root 11241100x8000000000000000654655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c2af2bedd5d0fa2021-12-21 12:21:04.944root 11241100x8000000000000000654656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e678b96948139f2021-12-21 12:21:04.944root 11241100x8000000000000000654657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811063d38f517cce2021-12-21 12:21:04.945root 11241100x8000000000000000654658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce50c7f292f01e02021-12-21 12:21:04.945root 11241100x8000000000000000654659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f6778958aad3be2021-12-21 12:21:04.945root 11241100x8000000000000000654660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc577701c75e308c2021-12-21 12:21:04.945root 11241100x8000000000000000654661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599d9484fdd3bcfd2021-12-21 12:21:04.945root 11241100x8000000000000000654662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db477c9e3be34c712021-12-21 12:21:04.945root 11241100x8000000000000000654663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c2dbb29c5156532021-12-21 12:21:04.946root 11241100x8000000000000000654664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0891b3c5e60f19592021-12-21 12:21:04.946root 11241100x8000000000000000654665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b53fe57d0b69fc2021-12-21 12:21:04.946root 11241100x8000000000000000654666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36848717460445212021-12-21 12:21:04.946root 11241100x8000000000000000654667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c896fae361b3abd2021-12-21 12:21:04.946root 11241100x8000000000000000654668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dfcd55966d7d662021-12-21 12:21:04.946root 11241100x8000000000000000654669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bb3de51258ea7c2021-12-21 12:21:04.946root 11241100x8000000000000000654670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f886c695ee9a266f2021-12-21 12:21:04.946root 11241100x8000000000000000654671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ae92744515609d2021-12-21 12:21:04.947root 11241100x8000000000000000654672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fa17ef6b20ffaa2021-12-21 12:21:04.947root 11241100x8000000000000000654673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4caa06ffdb2c50532021-12-21 12:21:05.443root 11241100x8000000000000000654674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a00970972ff239e2021-12-21 12:21:05.443root 11241100x8000000000000000654675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe70d8f4bea07f132021-12-21 12:21:05.443root 11241100x8000000000000000654676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46acb4c60f33c612021-12-21 12:21:05.443root 11241100x8000000000000000654677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6448485f4405f9472021-12-21 12:21:05.444root 11241100x8000000000000000654678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24c0b850ffa61182021-12-21 12:21:05.444root 11241100x8000000000000000654679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2b8b072cfd3ecc2021-12-21 12:21:05.444root 11241100x8000000000000000654680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b100d032de94dc12021-12-21 12:21:05.444root 11241100x8000000000000000654681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30063ae6b4f28fe92021-12-21 12:21:05.444root 11241100x8000000000000000654682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996f24214405222b2021-12-21 12:21:05.444root 11241100x8000000000000000654683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b516e3257fd5072021-12-21 12:21:05.444root 11241100x8000000000000000654684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949ad6bee40515e82021-12-21 12:21:05.444root 11241100x8000000000000000654685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e28808110cf55452021-12-21 12:21:05.445root 11241100x8000000000000000654686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712fc26d2e0c42e92021-12-21 12:21:05.445root 11241100x8000000000000000654687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b5f286220b96952021-12-21 12:21:05.445root 11241100x8000000000000000654688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53199ad3540384182021-12-21 12:21:05.445root 11241100x8000000000000000654689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190f46cc6d099bb62021-12-21 12:21:05.445root 11241100x8000000000000000654690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49eb3ecd7fa0c082021-12-21 12:21:05.445root 11241100x8000000000000000654691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465ffb8f96ec9e3e2021-12-21 12:21:05.445root 11241100x8000000000000000654692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea796896ce0a0c092021-12-21 12:21:05.445root 11241100x8000000000000000654693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022dfcfc7c3ca5d02021-12-21 12:21:05.445root 11241100x8000000000000000654694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba8c246cbb82a3f2021-12-21 12:21:05.445root 11241100x8000000000000000654695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b8173bd9e59e982021-12-21 12:21:05.445root 11241100x8000000000000000654696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db898e27ba64a5f02021-12-21 12:21:05.445root 11241100x8000000000000000654697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7081ce76379ca1b2021-12-21 12:21:05.445root 11241100x8000000000000000654698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40609526e7a36f732021-12-21 12:21:05.445root 11241100x8000000000000000654699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a0455f3f1dbc6e2021-12-21 12:21:05.446root 11241100x8000000000000000654700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82512d92cb31f2b12021-12-21 12:21:05.446root 11241100x8000000000000000654701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2272f17934c0b12021-12-21 12:21:05.446root 11241100x8000000000000000654702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2bc5de0c02e8122021-12-21 12:21:05.446root 11241100x8000000000000000654703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37199def4a56540d2021-12-21 12:21:05.446root 11241100x8000000000000000654704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ea93f74f41c0752021-12-21 12:21:05.446root 11241100x8000000000000000654705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036cdf14c893f66f2021-12-21 12:21:05.446root 11241100x8000000000000000654706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec67382def4104552021-12-21 12:21:05.446root 11241100x8000000000000000654707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a666ec470207d4162021-12-21 12:21:05.446root 11241100x8000000000000000654708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bc290c533b912a2021-12-21 12:21:05.446root 11241100x8000000000000000654709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d9b89042eb78682021-12-21 12:21:05.446root 11241100x8000000000000000654710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366e4f7db5ae67d02021-12-21 12:21:05.943root 11241100x8000000000000000654711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247704e61c6ddae12021-12-21 12:21:05.943root 11241100x8000000000000000654712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1361546cb1f13462021-12-21 12:21:05.943root 11241100x8000000000000000654713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171637880bfdae0d2021-12-21 12:21:05.943root 11241100x8000000000000000654714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0399dc410116192021-12-21 12:21:05.944root 11241100x8000000000000000654715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6581b17f7454dc2021-12-21 12:21:05.944root 11241100x8000000000000000654716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe2d250f88324fc2021-12-21 12:21:05.944root 11241100x8000000000000000654717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422e13264977aa972021-12-21 12:21:05.944root 11241100x8000000000000000654718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9fdf1514589ac42021-12-21 12:21:05.944root 11241100x8000000000000000654719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a714579b6c03c332021-12-21 12:21:05.944root 11241100x8000000000000000654720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829e29cfcfed7a762021-12-21 12:21:05.944root 11241100x8000000000000000654721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61821199647bc3122021-12-21 12:21:05.944root 11241100x8000000000000000654722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872d0c8d630468432021-12-21 12:21:05.944root 11241100x8000000000000000654723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6930e2ebaef6a02021-12-21 12:21:05.944root 11241100x8000000000000000654724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4296dd8fbb15a1e2021-12-21 12:21:05.944root 11241100x8000000000000000654725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270a1b1039e88f282021-12-21 12:21:05.944root 11241100x8000000000000000654726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f69406f9edbb4f2021-12-21 12:21:05.944root 11241100x8000000000000000654727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35bc578559910192021-12-21 12:21:05.944root 11241100x8000000000000000654728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7e17404dc1b1902021-12-21 12:21:05.944root 11241100x8000000000000000654729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b56e9d63a86b6672021-12-21 12:21:05.945root 11241100x8000000000000000654730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230cd09358e0ed7a2021-12-21 12:21:05.945root 11241100x8000000000000000654731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2211e442b483b12021-12-21 12:21:05.945root 11241100x8000000000000000654732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c689b3a9908415d2021-12-21 12:21:05.945root 11241100x8000000000000000654733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c303cd5d5a15a6a82021-12-21 12:21:05.945root 11241100x8000000000000000654734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cdbab738ac2b3c2021-12-21 12:21:05.945root 11241100x8000000000000000654735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f257104eda439112021-12-21 12:21:05.945root 11241100x8000000000000000654736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debd352331fcbbb02021-12-21 12:21:05.945root 11241100x8000000000000000654737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9a22243c5ce3032021-12-21 12:21:05.945root 11241100x8000000000000000654738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3820bf13eda8b8452021-12-21 12:21:05.945root 11241100x8000000000000000654739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396ff8cb7b850abd2021-12-21 12:21:05.945root 11241100x8000000000000000654740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28d4216ba49bafe2021-12-21 12:21:05.945root 11241100x8000000000000000654741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:21:06.142root 11241100x8000000000000000654742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b6eed0358d98ec2021-12-21 12:21:06.443root 11241100x8000000000000000654743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82395739b88471682021-12-21 12:21:06.443root 11241100x8000000000000000654744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee79671e2cdac0e2021-12-21 12:21:06.443root 11241100x8000000000000000654745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074659fbc83a02d52021-12-21 12:21:06.443root 11241100x8000000000000000654746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4246cf888213602021-12-21 12:21:06.444root 11241100x8000000000000000654747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9f3b5ef1bfc01a2021-12-21 12:21:06.444root 11241100x8000000000000000654748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da187c21a1bf1e962021-12-21 12:21:06.444root 11241100x8000000000000000654749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cf5bc92c6bd8092021-12-21 12:21:06.444root 11241100x8000000000000000654750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b9b32f15a4b0a52021-12-21 12:21:06.444root 11241100x8000000000000000654751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1635e49c640defe2021-12-21 12:21:06.444root 11241100x8000000000000000654752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7909e9174c27a372021-12-21 12:21:06.444root 11241100x8000000000000000654753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78087e1da02aed32021-12-21 12:21:06.444root 11241100x8000000000000000654754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7874c4462d6e53a2021-12-21 12:21:06.444root 11241100x8000000000000000654755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132ff91db587e0852021-12-21 12:21:06.444root 11241100x8000000000000000654756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1519d6eb555d65a22021-12-21 12:21:06.444root 11241100x8000000000000000654757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7fd803a62c5f652021-12-21 12:21:06.444root 11241100x8000000000000000654758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1e882d9432c69f2021-12-21 12:21:06.444root 11241100x8000000000000000654759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3276e8b35ea5562021-12-21 12:21:06.444root 11241100x8000000000000000654760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6f06704ef967e72021-12-21 12:21:06.444root 11241100x8000000000000000654761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2990495e58ed6792021-12-21 12:21:06.445root 11241100x8000000000000000654762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdf6301dcc9a4612021-12-21 12:21:06.445root 11241100x8000000000000000654763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f1e03b3b92acf92021-12-21 12:21:06.445root 11241100x8000000000000000654764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da50ebc764256442021-12-21 12:21:06.445root 11241100x8000000000000000654765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51333e74e18e4922021-12-21 12:21:06.445root 11241100x8000000000000000654766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ee0684385138d02021-12-21 12:21:06.445root 11241100x8000000000000000654767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a54cb816f2cef672021-12-21 12:21:06.445root 11241100x8000000000000000654768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bceb1e77b387772021-12-21 12:21:06.445root 11241100x8000000000000000654769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332694ab85f3c4eb2021-12-21 12:21:06.445root 11241100x8000000000000000654770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5582354304c178a62021-12-21 12:21:06.445root 11241100x8000000000000000654771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdd590153f7946e2021-12-21 12:21:06.445root 11241100x8000000000000000654772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5994df5ac44097912021-12-21 12:21:06.445root 11241100x8000000000000000654773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f10e931e71e0d5e2021-12-21 12:21:06.445root 11241100x8000000000000000654774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc90d26b791e5d6f2021-12-21 12:21:06.943root 11241100x8000000000000000654775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000666018558911d2021-12-21 12:21:06.943root 11241100x8000000000000000654776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214fbf1744508e552021-12-21 12:21:06.943root 11241100x8000000000000000654777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72305dfe0a5a24362021-12-21 12:21:06.943root 11241100x8000000000000000654778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7137dd8f4d03f38f2021-12-21 12:21:06.944root 11241100x8000000000000000654779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efcbfd329db69212021-12-21 12:21:06.944root 11241100x8000000000000000654780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8eaf98a95a161af2021-12-21 12:21:06.944root 11241100x8000000000000000654781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db755601b02119b2021-12-21 12:21:06.944root 11241100x8000000000000000654782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbbcff4214422f22021-12-21 12:21:06.944root 11241100x8000000000000000654783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4391717d69bd2a2021-12-21 12:21:06.944root 11241100x8000000000000000654784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b902a4cdd488fec2021-12-21 12:21:06.944root 11241100x8000000000000000654785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72de6053cc6990d2021-12-21 12:21:06.944root 11241100x8000000000000000654786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32020c834f9aa722021-12-21 12:21:06.944root 11241100x8000000000000000654787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09137bd1e0855ca2021-12-21 12:21:06.944root 11241100x8000000000000000654788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0af3a945c53b1c2021-12-21 12:21:06.944root 11241100x8000000000000000654789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce2ac668fb5aa012021-12-21 12:21:06.945root 11241100x8000000000000000654790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b05e1b2bb5357382021-12-21 12:21:06.945root 11241100x8000000000000000654791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a500fc755a353d72021-12-21 12:21:06.945root 11241100x8000000000000000654792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc34ce34e4e420c42021-12-21 12:21:06.945root 11241100x8000000000000000654793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0825c324254c062021-12-21 12:21:06.945root 11241100x8000000000000000654794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21671519deed10792021-12-21 12:21:06.945root 11241100x8000000000000000654795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ac5d063a3e2b812021-12-21 12:21:06.945root 11241100x8000000000000000654796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c192e8cac2ba11fe2021-12-21 12:21:06.945root 11241100x8000000000000000654797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93ce92fc963e6c92021-12-21 12:21:06.945root 11241100x8000000000000000654798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdcbe1780f717eb2021-12-21 12:21:06.945root 11241100x8000000000000000654799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dc2b94f61f0e1b2021-12-21 12:21:06.945root 11241100x8000000000000000654800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a55481fdf46d2e2021-12-21 12:21:06.945root 11241100x8000000000000000654801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def5dafeefb3465a2021-12-21 12:21:06.945root 11241100x8000000000000000654802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9386942a3fea9da72021-12-21 12:21:06.945root 11241100x8000000000000000654803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bad90ec3aeb8ecc2021-12-21 12:21:06.945root 11241100x8000000000000000654804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffcde8c5a90231d2021-12-21 12:21:06.945root 11241100x8000000000000000654805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4e42c7d3bf9d272021-12-21 12:21:06.946root 11241100x8000000000000000654806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1deec965ce95da762021-12-21 12:21:07.443root 11241100x8000000000000000654807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c302d25d2dc44b22021-12-21 12:21:07.443root 11241100x8000000000000000654808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd77fcc79fb1e7c52021-12-21 12:21:07.443root 11241100x8000000000000000654809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddda8cd0736bc16f2021-12-21 12:21:07.443root 11241100x8000000000000000654810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263ec3190e08963c2021-12-21 12:21:07.444root 11241100x8000000000000000654811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6f0216d5acd0312021-12-21 12:21:07.444root 11241100x8000000000000000654812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f1b07878d9f1e12021-12-21 12:21:07.444root 11241100x8000000000000000654813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99de87379620af92021-12-21 12:21:07.444root 11241100x8000000000000000654814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7610365ac3bb38de2021-12-21 12:21:07.444root 11241100x8000000000000000654815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df965c7b1c2efd032021-12-21 12:21:07.444root 11241100x8000000000000000654816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5078fff93a4568e92021-12-21 12:21:07.444root 11241100x8000000000000000654817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af081717b1fbbe3d2021-12-21 12:21:07.444root 11241100x8000000000000000654818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91302131ea6ba4b22021-12-21 12:21:07.444root 11241100x8000000000000000654819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393dcbcb26a6be232021-12-21 12:21:07.444root 11241100x8000000000000000654820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740bb4a890962e412021-12-21 12:21:07.444root 11241100x8000000000000000654821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2066e180751f4c032021-12-21 12:21:07.444root 11241100x8000000000000000654822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fbd97252dfd0c22021-12-21 12:21:07.444root 11241100x8000000000000000654823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d0979069b4663f2021-12-21 12:21:07.444root 11241100x8000000000000000654824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7e3f173afc88e82021-12-21 12:21:07.444root 11241100x8000000000000000654825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60368ca6fe50dd9e2021-12-21 12:21:07.444root 11241100x8000000000000000654826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a04127e0448404f2021-12-21 12:21:07.445root 11241100x8000000000000000654827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bdada5f605dda82021-12-21 12:21:07.445root 11241100x8000000000000000654828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d4481c39d9f0922021-12-21 12:21:07.445root 11241100x8000000000000000654829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1bc585dfc67ec42021-12-21 12:21:07.445root 11241100x8000000000000000654830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075c40b1697c0f202021-12-21 12:21:07.445root 11241100x8000000000000000654831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693bbe60865410b82021-12-21 12:21:07.445root 11241100x8000000000000000654832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d6a765591cae492021-12-21 12:21:07.445root 11241100x8000000000000000654833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8457dbbba66e0612021-12-21 12:21:07.445root 11241100x8000000000000000654834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c032fb779bdc833b2021-12-21 12:21:07.445root 11241100x8000000000000000654835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b216ea31a68b45e12021-12-21 12:21:07.445root 11241100x8000000000000000654836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c89bf202543cc7e2021-12-21 12:21:07.445root 11241100x8000000000000000654837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b90c9407fee4fc2021-12-21 12:21:07.445root 11241100x8000000000000000654838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1716dad8d59dcbd32021-12-21 12:21:07.943root 11241100x8000000000000000654839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffda3dd5b40a82092021-12-21 12:21:07.943root 11241100x8000000000000000654840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23af044570e2ac052021-12-21 12:21:07.943root 11241100x8000000000000000654841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c2076cc51784602021-12-21 12:21:07.943root 11241100x8000000000000000654842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ff91fd15b6da462021-12-21 12:21:07.944root 11241100x8000000000000000654843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f213e80b12c7af2021-12-21 12:21:07.944root 11241100x8000000000000000654844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3caf3a236802bd102021-12-21 12:21:07.944root 11241100x8000000000000000654845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fc4d64091a177a2021-12-21 12:21:07.944root 11241100x8000000000000000654846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1817b66a6b483fc2021-12-21 12:21:07.944root 11241100x8000000000000000654847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9840d26a1c7bae6b2021-12-21 12:21:07.944root 11241100x8000000000000000654848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe0176d6119f9052021-12-21 12:21:07.944root 11241100x8000000000000000654849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f659a646d271592021-12-21 12:21:07.944root 11241100x8000000000000000654850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b294ab8c0c74972021-12-21 12:21:07.944root 11241100x8000000000000000654851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed04453ddc2a22c02021-12-21 12:21:07.944root 11241100x8000000000000000654852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd4363d51d4bb062021-12-21 12:21:07.944root 11241100x8000000000000000654853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ce5163dace39682021-12-21 12:21:07.944root 11241100x8000000000000000654854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618b52fdca2f7cd92021-12-21 12:21:07.944root 11241100x8000000000000000654855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cb3d31ec064dfc2021-12-21 12:21:07.944root 11241100x8000000000000000654856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c13be7d04f585432021-12-21 12:21:07.944root 11241100x8000000000000000654857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4196137d1fabfd522021-12-21 12:21:07.944root 11241100x8000000000000000654858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35315992de646932021-12-21 12:21:07.945root 11241100x8000000000000000654859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a5a94e1ef36aac2021-12-21 12:21:07.945root 11241100x8000000000000000654860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4700171f92ed652021-12-21 12:21:07.945root 11241100x8000000000000000654861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43943ba4b9b0e4af2021-12-21 12:21:07.945root 11241100x8000000000000000654862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfc24bab46191cc2021-12-21 12:21:07.945root 11241100x8000000000000000654863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626e328fbab629bb2021-12-21 12:21:07.945root 11241100x8000000000000000654864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e815e6b26f314f2021-12-21 12:21:07.945root 11241100x8000000000000000654865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0bfabc91805d852021-12-21 12:21:07.945root 11241100x8000000000000000654866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c19ca563ccd487f2021-12-21 12:21:07.946root 11241100x8000000000000000654867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7059dd881c0c6072021-12-21 12:21:07.946root 11241100x8000000000000000654868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5db4765d07e96b2021-12-21 12:21:07.946root 11241100x8000000000000000654869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c56e70e079a996e2021-12-21 12:21:08.443root 11241100x8000000000000000654870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520536fba706285e2021-12-21 12:21:08.444root 11241100x8000000000000000654871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7771a17054e9ec2021-12-21 12:21:08.444root 11241100x8000000000000000654872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f8e8c0051d15012021-12-21 12:21:08.444root 11241100x8000000000000000654873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3488807c2df103672021-12-21 12:21:08.444root 11241100x8000000000000000654874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656edf9ecd7782e12021-12-21 12:21:08.444root 11241100x8000000000000000654875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cf0e9f7dee414c2021-12-21 12:21:08.444root 11241100x8000000000000000654876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ce1feeb73807bc2021-12-21 12:21:08.444root 11241100x8000000000000000654877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ceae8595786d422021-12-21 12:21:08.444root 11241100x8000000000000000654878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28a94afc2bbaa5f2021-12-21 12:21:08.444root 11241100x8000000000000000654879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478fc220b140546b2021-12-21 12:21:08.445root 11241100x8000000000000000654880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8831e1ca42135bb2021-12-21 12:21:08.445root 11241100x8000000000000000654881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e15ff1b113a6eac2021-12-21 12:21:08.445root 11241100x8000000000000000654882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65da1e25066add82021-12-21 12:21:08.445root 11241100x8000000000000000654883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8e2f13ac3d720f2021-12-21 12:21:08.445root 11241100x8000000000000000654884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca828ee310099acd2021-12-21 12:21:08.445root 11241100x8000000000000000654885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b65a57f54bd2ed62021-12-21 12:21:08.445root 11241100x8000000000000000654886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258239c12de1395d2021-12-21 12:21:08.445root 11241100x8000000000000000654887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5ad84a354e77ef2021-12-21 12:21:08.445root 11241100x8000000000000000654888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237e9f5fe2428bf32021-12-21 12:21:08.445root 11241100x8000000000000000654889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877337fc54a5ee972021-12-21 12:21:08.445root 11241100x8000000000000000654890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc961b37d626df312021-12-21 12:21:08.445root 11241100x8000000000000000654891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c900d98064d05132021-12-21 12:21:08.446root 11241100x8000000000000000654892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c0f0df5200393d2021-12-21 12:21:08.446root 11241100x8000000000000000654893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9df44c13d8ec4c62021-12-21 12:21:08.446root 11241100x8000000000000000654894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1d71b3072eba3d2021-12-21 12:21:08.446root 11241100x8000000000000000654895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175aad21e1889cd82021-12-21 12:21:08.446root 11241100x8000000000000000654896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e02a2ac97b4d5e22021-12-21 12:21:08.446root 11241100x8000000000000000654897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115b098f709cdb9b2021-12-21 12:21:08.446root 11241100x8000000000000000654898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a4a23b5dfafa702021-12-21 12:21:08.446root 11241100x8000000000000000654899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4585efe387e584ac2021-12-21 12:21:08.446root 11241100x8000000000000000654900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286d326b661be6cf2021-12-21 12:21:08.446root 11241100x8000000000000000654901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741176eea4fa2f112021-12-21 12:21:08.943root 11241100x8000000000000000654902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0b95b0af13aa772021-12-21 12:21:08.944root 11241100x8000000000000000654903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e139f04f1f250cca2021-12-21 12:21:08.944root 11241100x8000000000000000654904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd9c9cd5a4589472021-12-21 12:21:08.944root 11241100x8000000000000000654905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1b0a5613b547d42021-12-21 12:21:08.944root 11241100x8000000000000000654906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45ab63c0a05c2162021-12-21 12:21:08.944root 11241100x8000000000000000654907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e98d89957dc691a2021-12-21 12:21:08.945root 11241100x8000000000000000654908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d0fceaa63ca24f2021-12-21 12:21:08.945root 11241100x8000000000000000654909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98536d8a0fabba352021-12-21 12:21:08.945root 11241100x8000000000000000654910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ffa9ea3d2106df2021-12-21 12:21:08.945root 11241100x8000000000000000654911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32cf7d7696fdf3c2021-12-21 12:21:08.945root 11241100x8000000000000000654912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8680ca0837341d2021-12-21 12:21:08.945root 11241100x8000000000000000654913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca19a11e32eceb42021-12-21 12:21:08.945root 11241100x8000000000000000654914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01c4f8b63c896f32021-12-21 12:21:08.946root 11241100x8000000000000000654915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14b9b78d02104332021-12-21 12:21:08.946root 11241100x8000000000000000654916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7a49f8a27360ca2021-12-21 12:21:08.946root 11241100x8000000000000000654917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92153f31dcb6a0382021-12-21 12:21:08.946root 11241100x8000000000000000654918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2884de96bc29f6c2021-12-21 12:21:08.946root 11241100x8000000000000000654919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a79c6285879acc12021-12-21 12:21:08.946root 11241100x8000000000000000654920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b65cb8b8860ba52021-12-21 12:21:08.946root 11241100x8000000000000000654921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5263c5c9c885c62021-12-21 12:21:08.946root 11241100x8000000000000000654922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f3b678b456c7672021-12-21 12:21:08.946root 11241100x8000000000000000654923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710beaa748c261e12021-12-21 12:21:08.946root 11241100x8000000000000000654924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587670d552ef70522021-12-21 12:21:08.946root 11241100x8000000000000000654925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6598106ac60d1cb92021-12-21 12:21:08.946root 11241100x8000000000000000654926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427feaa5c76339b82021-12-21 12:21:08.946root 11241100x8000000000000000654927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f4140a813dfa462021-12-21 12:21:08.946root 11241100x8000000000000000654928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850f9d2c116bf8392021-12-21 12:21:08.947root 11241100x8000000000000000654929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b335b8932740e62021-12-21 12:21:08.947root 11241100x8000000000000000654930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d55e9a6dfc78c792021-12-21 12:21:08.947root 11241100x8000000000000000654931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74050c0dd9a29222021-12-21 12:21:08.947root 11241100x8000000000000000654932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:08.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1164948e0b939b032021-12-21 12:21:08.947root 23542300x8000000000000000654933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000654934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954ecc53face750c2021-12-21 12:21:09.443root 11241100x8000000000000000654935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bbf0d488187f3f2021-12-21 12:21:09.443root 11241100x8000000000000000654936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494d4373e2da100a2021-12-21 12:21:09.443root 11241100x8000000000000000654937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368f3978d9d644d82021-12-21 12:21:09.443root 11241100x8000000000000000654938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbc46ae0b9ddff12021-12-21 12:21:09.444root 11241100x8000000000000000654939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac0a24ff319955f2021-12-21 12:21:09.444root 11241100x8000000000000000654940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223d6ac771c071032021-12-21 12:21:09.444root 11241100x8000000000000000654941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d5f76a22769aeb2021-12-21 12:21:09.444root 11241100x8000000000000000654942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43664212413bef1d2021-12-21 12:21:09.444root 11241100x8000000000000000654943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559a7a342f8c06cf2021-12-21 12:21:09.444root 11241100x8000000000000000654944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117fed382acdde022021-12-21 12:21:09.444root 11241100x8000000000000000654945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc81ca6f1cae2d82021-12-21 12:21:09.444root 11241100x8000000000000000654946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac70494edeecc9ce2021-12-21 12:21:09.444root 11241100x8000000000000000654947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb1f0a9b439a4912021-12-21 12:21:09.444root 11241100x8000000000000000654948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2c73210db3710f2021-12-21 12:21:09.444root 11241100x8000000000000000654949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bad01a2d0276442021-12-21 12:21:09.444root 11241100x8000000000000000654950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6922cc47b3162d2021-12-21 12:21:09.444root 11241100x8000000000000000654951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2461f40cff06592021-12-21 12:21:09.444root 11241100x8000000000000000654952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ef6079e3cb37d32021-12-21 12:21:09.444root 11241100x8000000000000000654953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c90e606a33376a2021-12-21 12:21:09.444root 11241100x8000000000000000654954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e936b7726de205d2021-12-21 12:21:09.445root 11241100x8000000000000000654955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651e78d4352ca86b2021-12-21 12:21:09.445root 11241100x8000000000000000654956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf48a832bedbb5f92021-12-21 12:21:09.445root 11241100x8000000000000000654957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4409f23311361272021-12-21 12:21:09.445root 11241100x8000000000000000654958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd269c734dcc0dd2021-12-21 12:21:09.445root 11241100x8000000000000000654959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c351b07c3c6c16cd2021-12-21 12:21:09.445root 11241100x8000000000000000654960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fac9e44700bb2102021-12-21 12:21:09.445root 11241100x8000000000000000654961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0744b27f222314762021-12-21 12:21:09.445root 11241100x8000000000000000654962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f947a1128cffd342021-12-21 12:21:09.445root 11241100x8000000000000000654963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb697bd053bb45852021-12-21 12:21:09.445root 11241100x8000000000000000654964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441337fec3d4f6082021-12-21 12:21:09.445root 11241100x8000000000000000654965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c50352561ea95302021-12-21 12:21:09.445root 11241100x8000000000000000654966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c94a8f7787704d2021-12-21 12:21:09.445root 154100x8000000000000000654967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.632{ec2b6afe-c6b5-61c1-68b4-1739d1550000}10076/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000654968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.641{ec2b6afe-c6b5-61c1-68b4-1739d1550000}10076/bin/psroot 11241100x8000000000000000654969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93ca4e40d72bfeb2021-12-21 12:21:09.943root 11241100x8000000000000000654970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550f4cef39057dc82021-12-21 12:21:09.943root 11241100x8000000000000000654971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b99c82f4f8a35592021-12-21 12:21:09.943root 11241100x8000000000000000654972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d8c4b5307be9a32021-12-21 12:21:09.944root 11241100x8000000000000000654973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029ecead20e21a952021-12-21 12:21:09.944root 11241100x8000000000000000654974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7080cc60525a84fe2021-12-21 12:21:09.944root 11241100x8000000000000000654975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590ee0d90281eebd2021-12-21 12:21:09.944root 11241100x8000000000000000654976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43625ddd1bd8e9b42021-12-21 12:21:09.944root 11241100x8000000000000000654977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f7ecdade6d82f52021-12-21 12:21:09.944root 11241100x8000000000000000654978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37b751a302df3a92021-12-21 12:21:09.944root 11241100x8000000000000000654979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b530abe2cb6f002021-12-21 12:21:09.944root 11241100x8000000000000000654980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703e32052b75116f2021-12-21 12:21:09.944root 11241100x8000000000000000654981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea31c05578dd6e42021-12-21 12:21:09.944root 11241100x8000000000000000654982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728ccfb8bc63a5062021-12-21 12:21:09.944root 11241100x8000000000000000654983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091d8bccf5f98daa2021-12-21 12:21:09.944root 11241100x8000000000000000654984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ff967db75517eb2021-12-21 12:21:09.945root 11241100x8000000000000000654985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65d282e4ad1c90d2021-12-21 12:21:09.945root 11241100x8000000000000000654986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafb398e202ab1772021-12-21 12:21:09.945root 11241100x8000000000000000654987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c24cd1342fbf3a92021-12-21 12:21:09.945root 11241100x8000000000000000654988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cc3dfd02c10ca12021-12-21 12:21:09.945root 11241100x8000000000000000654989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f38e1b3e26920d2021-12-21 12:21:09.945root 11241100x8000000000000000654990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57952b0bb464c3b52021-12-21 12:21:09.945root 11241100x8000000000000000654991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c4becb7f01fd8f2021-12-21 12:21:09.945root 11241100x8000000000000000654992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6283be95e7c402fa2021-12-21 12:21:09.945root 11241100x8000000000000000654993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccc42e16e1717bd2021-12-21 12:21:09.945root 11241100x8000000000000000654994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1281e0b0c073a32021-12-21 12:21:09.945root 11241100x8000000000000000654995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc6708bdcc7970f2021-12-21 12:21:09.946root 11241100x8000000000000000654996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867413dc7c6bacc12021-12-21 12:21:09.946root 11241100x8000000000000000654997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a965e369761a7a9a2021-12-21 12:21:09.946root 11241100x8000000000000000654998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dde68982234b0ed2021-12-21 12:21:09.946root 11241100x8000000000000000654999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022de9b6112108e62021-12-21 12:21:09.946root 11241100x8000000000000000655000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a52eb728d6ecbf52021-12-21 12:21:09.946root 11241100x8000000000000000655001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4526b4a66f81d68b2021-12-21 12:21:09.946root 11241100x8000000000000000655002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bf7e4e7a1d0f882021-12-21 12:21:09.946root 11241100x8000000000000000655003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7f1eac2d8047b42021-12-21 12:21:09.946root 354300x8000000000000000655004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.104{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49862-false10.0.1.12-8000- 11241100x8000000000000000655005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2124e20e9697f072021-12-21 12:21:10.443root 11241100x8000000000000000655006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31911c7909ffcfda2021-12-21 12:21:10.443root 11241100x8000000000000000655007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08909d128b485f2f2021-12-21 12:21:10.443root 11241100x8000000000000000655008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52395524ba88b1e2021-12-21 12:21:10.443root 11241100x8000000000000000655009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055103f99210c2c82021-12-21 12:21:10.444root 11241100x8000000000000000655010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca63a00ffd097e92021-12-21 12:21:10.444root 11241100x8000000000000000655011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b214946e3044b0292021-12-21 12:21:10.444root 11241100x8000000000000000655012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc4c5f234c2f57a2021-12-21 12:21:10.444root 11241100x8000000000000000655013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0eb7e0fd20876752021-12-21 12:21:10.444root 11241100x8000000000000000655014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff3ae8ddbd6943e2021-12-21 12:21:10.444root 11241100x8000000000000000655015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d28cd63c9e271ee2021-12-21 12:21:10.444root 11241100x8000000000000000655016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa078d801af629222021-12-21 12:21:10.444root 11241100x8000000000000000655017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e9fad0f0ec8e362021-12-21 12:21:10.444root 11241100x8000000000000000655018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a05e31d2964e5d2021-12-21 12:21:10.444root 11241100x8000000000000000655019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449468f9b4ecec602021-12-21 12:21:10.445root 11241100x8000000000000000655020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10bde75222947d82021-12-21 12:21:10.445root 11241100x8000000000000000655021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dd2ed1bcb78a982021-12-21 12:21:10.445root 11241100x8000000000000000655022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0f0ab716ec20a92021-12-21 12:21:10.445root 11241100x8000000000000000655023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95363e6b16b2ee2a2021-12-21 12:21:10.445root 11241100x8000000000000000655024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fd6dd3ac4d2a8c2021-12-21 12:21:10.445root 11241100x8000000000000000655025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9198ec88a1881c042021-12-21 12:21:10.445root 11241100x8000000000000000655026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592270765ebe8c0c2021-12-21 12:21:10.446root 11241100x8000000000000000655027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f81bfaade34898b2021-12-21 12:21:10.446root 11241100x8000000000000000655028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c2bb5d48863aa02021-12-21 12:21:10.446root 11241100x8000000000000000655029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f9fa81a52b16812021-12-21 12:21:10.446root 11241100x8000000000000000655030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbdc451816bff042021-12-21 12:21:10.446root 11241100x8000000000000000655031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce66fbcd2db8f2c2021-12-21 12:21:10.446root 11241100x8000000000000000655032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab5ed2b0203fbe62021-12-21 12:21:10.446root 11241100x8000000000000000655033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a973817aed14c52021-12-21 12:21:10.446root 11241100x8000000000000000655034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6349bb7a0b239d892021-12-21 12:21:10.446root 11241100x8000000000000000655035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f117739e57c11a442021-12-21 12:21:10.446root 11241100x8000000000000000655036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca0c9c2230c72442021-12-21 12:21:10.446root 11241100x8000000000000000655037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ff96d08035ff422021-12-21 12:21:10.447root 11241100x8000000000000000655038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6b288b65306c022021-12-21 12:21:10.447root 11241100x8000000000000000655039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcb46b2eb7104b92021-12-21 12:21:10.447root 11241100x8000000000000000655040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826b3c54c4a1bc1b2021-12-21 12:21:10.447root 11241100x8000000000000000655041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f2389d1d92aef82021-12-21 12:21:10.448root 11241100x8000000000000000655042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5009f2daaa53b012021-12-21 12:21:10.943root 11241100x8000000000000000655043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833a2677cfdb5af22021-12-21 12:21:10.943root 11241100x8000000000000000655044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221dce83354517ad2021-12-21 12:21:10.943root 11241100x8000000000000000655045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fa657f6b60599a2021-12-21 12:21:10.943root 11241100x8000000000000000655046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6d6ba66279f0ce2021-12-21 12:21:10.944root 11241100x8000000000000000655047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4841258baae798c02021-12-21 12:21:10.944root 11241100x8000000000000000655048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ffc16f83c16ae12021-12-21 12:21:10.944root 11241100x8000000000000000655049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23d4fbf408149fb2021-12-21 12:21:10.944root 11241100x8000000000000000655050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8396b56db3e7122021-12-21 12:21:10.944root 11241100x8000000000000000655051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ebd033fc538f9f2021-12-21 12:21:10.944root 11241100x8000000000000000655052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3f6a0ae9ca3bb32021-12-21 12:21:10.944root 11241100x8000000000000000655053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d604be9deb7db0ba2021-12-21 12:21:10.944root 11241100x8000000000000000655054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6d099824fea4e02021-12-21 12:21:10.944root 11241100x8000000000000000655055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2dfb35dd32cbd12021-12-21 12:21:10.944root 11241100x8000000000000000655056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8218e3ac2be9e502021-12-21 12:21:10.944root 11241100x8000000000000000655057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ff5ad85f74558e2021-12-21 12:21:10.945root 11241100x8000000000000000655058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbb6cd044c735632021-12-21 12:21:10.945root 11241100x8000000000000000655059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa3bc3c01e00aee2021-12-21 12:21:10.945root 11241100x8000000000000000655060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794f6804400107492021-12-21 12:21:10.945root 11241100x8000000000000000655061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3be9f677ea6c9052021-12-21 12:21:10.945root 11241100x8000000000000000655062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69146b29150455102021-12-21 12:21:10.945root 11241100x8000000000000000655063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8d124989b577be2021-12-21 12:21:10.945root 11241100x8000000000000000655064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede11f4cbf641e972021-12-21 12:21:10.945root 11241100x8000000000000000655065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc618d16e56578f52021-12-21 12:21:10.945root 11241100x8000000000000000655066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e380d512f8acb4d82021-12-21 12:21:10.945root 11241100x8000000000000000655067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a2bc4f5db8aa9b2021-12-21 12:21:10.945root 11241100x8000000000000000655068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc616619fc00cd8c2021-12-21 12:21:10.946root 11241100x8000000000000000655069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbae5630f18525682021-12-21 12:21:10.946root 11241100x8000000000000000655070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f507cbfd39b2e82021-12-21 12:21:10.946root 11241100x8000000000000000655071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136c4f88e2364c6b2021-12-21 12:21:10.946root 11241100x8000000000000000655072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735b112e9629c16f2021-12-21 12:21:10.946root 11241100x8000000000000000655073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f02e328fef4b16a2021-12-21 12:21:10.946root 11241100x8000000000000000655074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da54a32fb21fca552021-12-21 12:21:10.946root 11241100x8000000000000000655075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965409666f322d622021-12-21 12:21:10.946root 11241100x8000000000000000655076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891afc2e37a0fb332021-12-21 12:21:10.946root 11241100x8000000000000000655077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f387dfd6e1904ce2021-12-21 12:21:10.946root 11241100x8000000000000000655078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711c858202b059902021-12-21 12:21:10.947root 11241100x8000000000000000655079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e60112e2de598582021-12-21 12:21:10.947root 11241100x8000000000000000655080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57066985a3b88102021-12-21 12:21:11.443root 11241100x8000000000000000655081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b492c9814f3a31c2021-12-21 12:21:11.443root 11241100x8000000000000000655082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff720db2ee2884f2021-12-21 12:21:11.443root 11241100x8000000000000000655083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4e687f45e31d902021-12-21 12:21:11.444root 11241100x8000000000000000655084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4eddc1d70b744682021-12-21 12:21:11.444root 11241100x8000000000000000655085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5037c9367ecc1042021-12-21 12:21:11.444root 11241100x8000000000000000655086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c072af63e392652021-12-21 12:21:11.444root 11241100x8000000000000000655087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757ac651626e2c0f2021-12-21 12:21:11.444root 11241100x8000000000000000655088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a4776baed060832021-12-21 12:21:11.444root 11241100x8000000000000000655089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e9549b1a72c2252021-12-21 12:21:11.444root 11241100x8000000000000000655090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfa27e97d4b5a1a2021-12-21 12:21:11.444root 11241100x8000000000000000655091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f22ae73e051fc02021-12-21 12:21:11.444root 11241100x8000000000000000655092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f6b1a64bbc42192021-12-21 12:21:11.444root 11241100x8000000000000000655093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1af6c614d244f32021-12-21 12:21:11.444root 11241100x8000000000000000655094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5930596d8cb036b62021-12-21 12:21:11.445root 11241100x8000000000000000655095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769a6507333fec1f2021-12-21 12:21:11.445root 11241100x8000000000000000655096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf84e19699d236b2021-12-21 12:21:11.445root 11241100x8000000000000000655097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fa427881e001c52021-12-21 12:21:11.445root 11241100x8000000000000000655098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd5ac30d31dafb12021-12-21 12:21:11.445root 11241100x8000000000000000655099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63bd4c15c75d28cd2021-12-21 12:21:11.445root 11241100x8000000000000000655100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049bf376b899d57c2021-12-21 12:21:11.445root 11241100x8000000000000000655101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0d4759fe42986a2021-12-21 12:21:11.446root 11241100x8000000000000000655102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c0898d0f0dc0db2021-12-21 12:21:11.446root 11241100x8000000000000000655103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdcadce6f0855ea2021-12-21 12:21:11.446root 11241100x8000000000000000655104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d99623388ade0242021-12-21 12:21:11.446root 11241100x8000000000000000655105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7fd7b34bb51e542021-12-21 12:21:11.446root 11241100x8000000000000000655106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff28d5c93994a7b2021-12-21 12:21:11.447root 11241100x8000000000000000655107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19280b24749e6e452021-12-21 12:21:11.447root 11241100x8000000000000000655108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c19a91e9d37c852021-12-21 12:21:11.447root 11241100x8000000000000000655109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54136961af63e4e72021-12-21 12:21:11.447root 11241100x8000000000000000655110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a605c6b001df39af2021-12-21 12:21:11.447root 11241100x8000000000000000655111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05ccc4e6a44f1b02021-12-21 12:21:11.447root 11241100x8000000000000000655112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7f5f37d463ab412021-12-21 12:21:11.447root 11241100x8000000000000000655113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e8ba579f5b153c2021-12-21 12:21:11.448root 11241100x8000000000000000655114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d234e48e5d391ac2021-12-21 12:21:11.448root 11241100x8000000000000000655115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47543e311616ac02021-12-21 12:21:11.448root 11241100x8000000000000000655116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5775dc4239b461882021-12-21 12:21:11.448root 11241100x8000000000000000655117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfd6691ac029a8f2021-12-21 12:21:11.448root 11241100x8000000000000000655118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ee21480cbe70002021-12-21 12:21:11.943root 11241100x8000000000000000655119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7ae771ee1cc50f2021-12-21 12:21:11.943root 11241100x8000000000000000655120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd707205d4452e82021-12-21 12:21:11.944root 11241100x8000000000000000655121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1398ae038c997ede2021-12-21 12:21:11.944root 11241100x8000000000000000655122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7723cb096223592021-12-21 12:21:11.944root 11241100x8000000000000000655123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf276f70dbd27302021-12-21 12:21:11.944root 11241100x8000000000000000655124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5068df2c1cf3812021-12-21 12:21:11.944root 11241100x8000000000000000655125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70c5c6efdf678442021-12-21 12:21:11.944root 11241100x8000000000000000655126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d3b2db23120df72021-12-21 12:21:11.944root 11241100x8000000000000000655127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ab4d1b3209f8102021-12-21 12:21:11.944root 11241100x8000000000000000655128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b81b5d75c22c45c2021-12-21 12:21:11.944root 11241100x8000000000000000655129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e2a3868263bf6c2021-12-21 12:21:11.944root 11241100x8000000000000000655130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370ced5f4a2e8ae52021-12-21 12:21:11.945root 11241100x8000000000000000655131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd1ccdcf3b1b5ba2021-12-21 12:21:11.945root 11241100x8000000000000000655132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3313d65677631a692021-12-21 12:21:11.945root 11241100x8000000000000000655133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33d8bc3f6d689632021-12-21 12:21:11.945root 11241100x8000000000000000655134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950ba4b0b729b1ea2021-12-21 12:21:11.945root 11241100x8000000000000000655135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8202fa6ad9db502021-12-21 12:21:11.945root 11241100x8000000000000000655136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203ea19caddb447e2021-12-21 12:21:11.945root 11241100x8000000000000000655137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2b96171f866f192021-12-21 12:21:11.945root 11241100x8000000000000000655138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394509f05a7bd7702021-12-21 12:21:11.945root 11241100x8000000000000000655139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fa0cd38f090a862021-12-21 12:21:11.945root 11241100x8000000000000000655140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744f2144cb47e6dd2021-12-21 12:21:11.945root 11241100x8000000000000000655141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57aadcc98f737a02021-12-21 12:21:11.945root 11241100x8000000000000000655142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16094ef0d485b2b2021-12-21 12:21:11.945root 11241100x8000000000000000655143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314fe369f379dc9b2021-12-21 12:21:11.945root 11241100x8000000000000000655144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb55e0b0f8791652021-12-21 12:21:11.945root 11241100x8000000000000000655145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0572f0dff0b5124d2021-12-21 12:21:11.945root 11241100x8000000000000000655146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85b03ac7771c2b32021-12-21 12:21:11.946root 11241100x8000000000000000655147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc218627311897c2021-12-21 12:21:11.946root 11241100x8000000000000000655148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd51f369eee12fe2021-12-21 12:21:11.946root 11241100x8000000000000000655149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ee4060b818661f2021-12-21 12:21:11.946root 11241100x8000000000000000655150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac358c58fc4fc0452021-12-21 12:21:11.946root 11241100x8000000000000000655151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81603b94e222a992021-12-21 12:21:11.946root 11241100x8000000000000000655152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b9599904960bcb2021-12-21 12:21:11.946root 11241100x8000000000000000655153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e30d973beb661352021-12-21 12:21:11.946root 11241100x8000000000000000655154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a49f4f72931a9a42021-12-21 12:21:11.946root 11241100x8000000000000000655155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c19264746337b82021-12-21 12:21:11.946root 11241100x8000000000000000655156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afb1c63043313422021-12-21 12:21:12.443root 11241100x8000000000000000655157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589c37d7ff8d67eb2021-12-21 12:21:12.444root 11241100x8000000000000000655158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d8c1edf10f44e92021-12-21 12:21:12.444root 11241100x8000000000000000655159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb89641cfb3eabe2021-12-21 12:21:12.445root 11241100x8000000000000000655160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b0cc00bf0a84b72021-12-21 12:21:12.445root 11241100x8000000000000000655161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdffacd4cd1a36472021-12-21 12:21:12.445root 11241100x8000000000000000655162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a06f57c4aaf9d32021-12-21 12:21:12.445root 11241100x8000000000000000655163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d49375db7a8f232021-12-21 12:21:12.445root 11241100x8000000000000000655164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e87f4a5e2f41bf02021-12-21 12:21:12.445root 11241100x8000000000000000655165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0456f5218e1421392021-12-21 12:21:12.446root 11241100x8000000000000000655166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194083c67d37d7732021-12-21 12:21:12.446root 11241100x8000000000000000655167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cd442aebcb548a2021-12-21 12:21:12.446root 11241100x8000000000000000655168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c3e95da7efbcd72021-12-21 12:21:12.446root 11241100x8000000000000000655169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d221dff3b11e422021-12-21 12:21:12.446root 11241100x8000000000000000655170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809a4060f95cc2102021-12-21 12:21:12.446root 11241100x8000000000000000655171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4081f686e6ead82021-12-21 12:21:12.447root 11241100x8000000000000000655172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4950e7710d31fc672021-12-21 12:21:12.447root 11241100x8000000000000000655173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39388eefff33877b2021-12-21 12:21:12.447root 11241100x8000000000000000655174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7153b2473a99b2b2021-12-21 12:21:12.448root 11241100x8000000000000000655175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cd7709fd4855e42021-12-21 12:21:12.448root 11241100x8000000000000000655176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf32e1edfb92cb212021-12-21 12:21:12.448root 11241100x8000000000000000655177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694af19ed317237b2021-12-21 12:21:12.448root 11241100x8000000000000000655178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f3d9d17d653c0a2021-12-21 12:21:12.448root 11241100x8000000000000000655179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595879278913e2062021-12-21 12:21:12.448root 11241100x8000000000000000655180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a982fded27bcc0622021-12-21 12:21:12.448root 11241100x8000000000000000655181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8c0961f90303292021-12-21 12:21:12.448root 11241100x8000000000000000655182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814beb867c7dfffd2021-12-21 12:21:12.448root 11241100x8000000000000000655183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e6d49277edbcd52021-12-21 12:21:12.449root 11241100x8000000000000000655184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd174c668b5def422021-12-21 12:21:12.449root 11241100x8000000000000000655185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e309545b6f2813d22021-12-21 12:21:12.449root 11241100x8000000000000000655186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b606a42e8369132021-12-21 12:21:12.449root 11241100x8000000000000000655187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5367e4cfab29b1342021-12-21 12:21:12.449root 11241100x8000000000000000655188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422d8283f746a7ab2021-12-21 12:21:12.449root 11241100x8000000000000000655189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f228135e31a07d092021-12-21 12:21:12.449root 11241100x8000000000000000655190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f756506772eb642021-12-21 12:21:12.449root 11241100x8000000000000000655191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a077e64563f0b702021-12-21 12:21:12.944root 11241100x8000000000000000655192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92de77612aee9df92021-12-21 12:21:12.944root 11241100x8000000000000000655193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdbc44cb460c4002021-12-21 12:21:12.944root 11241100x8000000000000000655194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e414f753067cb7d02021-12-21 12:21:12.944root 11241100x8000000000000000655195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffa0b7862af9d402021-12-21 12:21:12.944root 11241100x8000000000000000655196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2391693b8955178e2021-12-21 12:21:12.944root 11241100x8000000000000000655197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1114aafb2db9c4682021-12-21 12:21:12.944root 11241100x8000000000000000655198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668d997efdb5df4f2021-12-21 12:21:12.945root 11241100x8000000000000000655199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0160e221ac801b062021-12-21 12:21:12.945root 11241100x8000000000000000655200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f480f4bdea0862032021-12-21 12:21:12.945root 11241100x8000000000000000655201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5671cf4e9aa5862021-12-21 12:21:12.945root 11241100x8000000000000000655202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81afcb1e555eee12021-12-21 12:21:12.945root 11241100x8000000000000000655203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2c740daf223b6a2021-12-21 12:21:12.945root 11241100x8000000000000000655204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6644a9c2a491678c2021-12-21 12:21:12.945root 11241100x8000000000000000655205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6186b97735e13ce62021-12-21 12:21:12.945root 11241100x8000000000000000655206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c986cede7173af2021-12-21 12:21:12.945root 11241100x8000000000000000655207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e0e8bf1b20f6472021-12-21 12:21:12.946root 11241100x8000000000000000655208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6eb750cb03568f2021-12-21 12:21:12.946root 11241100x8000000000000000655209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47376ac73ee2f9ad2021-12-21 12:21:12.946root 11241100x8000000000000000655210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97aeaccb755fb8a92021-12-21 12:21:12.946root 11241100x8000000000000000655211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea24f1e70ac5e6222021-12-21 12:21:12.946root 11241100x8000000000000000655212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acec2f62fab1ce32021-12-21 12:21:12.946root 11241100x8000000000000000655213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4561da028b0ecc2021-12-21 12:21:12.946root 11241100x8000000000000000655214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6433dd38a08ffffe2021-12-21 12:21:12.946root 11241100x8000000000000000655215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d223843fcc826ba32021-12-21 12:21:12.946root 11241100x8000000000000000655216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3af7ff1b901f1b2021-12-21 12:21:12.947root 11241100x8000000000000000655217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256e4aca008418c82021-12-21 12:21:12.947root 11241100x8000000000000000655218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2153ef4c4bc5782021-12-21 12:21:12.947root 11241100x8000000000000000655219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b91e67330a627a2021-12-21 12:21:12.947root 11241100x8000000000000000655220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca737b1cc887a402021-12-21 12:21:12.947root 11241100x8000000000000000655221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081672093596ac892021-12-21 12:21:12.947root 11241100x8000000000000000655222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028b95cf5e7665742021-12-21 12:21:12.947root 11241100x8000000000000000655223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf3828d1ee120ed2021-12-21 12:21:12.947root 11241100x8000000000000000655224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d437f2ba58a29d3d2021-12-21 12:21:12.947root 11241100x8000000000000000655225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1789cb7d2af4d0c52021-12-21 12:21:12.948root 11241100x8000000000000000655226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da655ce1fe48c6d2021-12-21 12:21:13.443root 11241100x8000000000000000655227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa73cc57cc596582021-12-21 12:21:13.443root 11241100x8000000000000000655228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4953715eced02c6f2021-12-21 12:21:13.444root 11241100x8000000000000000655229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da8e14c3942d9812021-12-21 12:21:13.444root 11241100x8000000000000000655230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3711fffa837ba22021-12-21 12:21:13.444root 11241100x8000000000000000655231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e55180ebd650e0e2021-12-21 12:21:13.444root 11241100x8000000000000000655232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dbbaba22be86dd2021-12-21 12:21:13.445root 11241100x8000000000000000655233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43457ae59cb6453f2021-12-21 12:21:13.445root 11241100x8000000000000000655234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896c044436878ae82021-12-21 12:21:13.445root 11241100x8000000000000000655235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a942b891f9b6b42021-12-21 12:21:13.445root 11241100x8000000000000000655236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262edbc493d1df952021-12-21 12:21:13.445root 11241100x8000000000000000655237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e82cfbbec681642021-12-21 12:21:13.445root 11241100x8000000000000000655238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46843b25e6996d802021-12-21 12:21:13.445root 11241100x8000000000000000655239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f27c8b109b0fd52021-12-21 12:21:13.445root 11241100x8000000000000000655240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99ad9c91d948a692021-12-21 12:21:13.445root 11241100x8000000000000000655241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73340848c6f085a2021-12-21 12:21:13.445root 11241100x8000000000000000655242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803ee79d9ad3a8372021-12-21 12:21:13.446root 11241100x8000000000000000655243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e503269a297806b62021-12-21 12:21:13.446root 11241100x8000000000000000655244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a13e9e9ea340be42021-12-21 12:21:13.446root 11241100x8000000000000000655245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7cd946722ec5382021-12-21 12:21:13.446root 11241100x8000000000000000655246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd0f1e424859adb2021-12-21 12:21:13.446root 11241100x8000000000000000655247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b6d19a6360246e2021-12-21 12:21:13.446root 11241100x8000000000000000655248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0299c4f247cfae2021-12-21 12:21:13.446root 11241100x8000000000000000655249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7320ab644fbde2542021-12-21 12:21:13.447root 11241100x8000000000000000655250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26987ea858d9a1542021-12-21 12:21:13.447root 11241100x8000000000000000655251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e111d02e7309d902021-12-21 12:21:13.447root 11241100x8000000000000000655252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8814d75bb075bf992021-12-21 12:21:13.447root 11241100x8000000000000000655253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917b4462cbd5bdcf2021-12-21 12:21:13.447root 11241100x8000000000000000655254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86639d991cfbd26d2021-12-21 12:21:13.447root 11241100x8000000000000000655255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abe73eb6c470b172021-12-21 12:21:13.448root 11241100x8000000000000000655256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b44e725f8301c62021-12-21 12:21:13.448root 11241100x8000000000000000655257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09223ed8eac917e42021-12-21 12:21:13.448root 11241100x8000000000000000655258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ab30aa9958e6a02021-12-21 12:21:13.448root 11241100x8000000000000000655259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b39939c11d1d2532021-12-21 12:21:13.448root 11241100x8000000000000000655260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719b9cf58329ba962021-12-21 12:21:13.449root 11241100x8000000000000000655261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f65dbf15400cf742021-12-21 12:21:13.451root 11241100x8000000000000000655262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a010c5abfa2b4e372021-12-21 12:21:13.451root 11241100x8000000000000000655263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b75f1fca525e1232021-12-21 12:21:13.943root 11241100x8000000000000000655264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c44e6c76e7a59282021-12-21 12:21:13.943root 11241100x8000000000000000655265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698c5b959ef6eda42021-12-21 12:21:13.943root 11241100x8000000000000000655266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ac8b80b35daed42021-12-21 12:21:13.943root 11241100x8000000000000000655267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680a2e95d68560ab2021-12-21 12:21:13.943root 11241100x8000000000000000655268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c94aef53809e6e2021-12-21 12:21:13.944root 11241100x8000000000000000655269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb498c53f0aebbf2021-12-21 12:21:13.944root 11241100x8000000000000000655270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c4e69065d24d522021-12-21 12:21:13.944root 11241100x8000000000000000655271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e4832a52d537ac2021-12-21 12:21:13.944root 11241100x8000000000000000655272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d719b998753c38f22021-12-21 12:21:13.944root 11241100x8000000000000000655273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1f119a1fef80c32021-12-21 12:21:13.944root 11241100x8000000000000000655274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2e1456b148433b2021-12-21 12:21:13.944root 11241100x8000000000000000655275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b811678ce52f6f972021-12-21 12:21:13.944root 11241100x8000000000000000655276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2d7cf42847a8282021-12-21 12:21:13.944root 11241100x8000000000000000655277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587b3bd45dfc51072021-12-21 12:21:13.944root 11241100x8000000000000000655278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a68f4392a522a42021-12-21 12:21:13.945root 11241100x8000000000000000655279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1206690555b3892021-12-21 12:21:13.945root 11241100x8000000000000000655280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8228d7869f01b3892021-12-21 12:21:13.945root 11241100x8000000000000000655281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b62226de659af92021-12-21 12:21:13.946root 11241100x8000000000000000655282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b1b3ef30e2aaa62021-12-21 12:21:13.946root 11241100x8000000000000000655283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf75545c6423a0c2021-12-21 12:21:13.946root 11241100x8000000000000000655284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4178663c73d96c052021-12-21 12:21:13.946root 11241100x8000000000000000655285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9cfc4fbecad1d52021-12-21 12:21:13.946root 11241100x8000000000000000655286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3533404c67b94c292021-12-21 12:21:13.946root 11241100x8000000000000000655287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bd6bda2872204f2021-12-21 12:21:13.946root 11241100x8000000000000000655288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c164494d9b773fe2021-12-21 12:21:13.946root 11241100x8000000000000000655289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c04c3f01cb9ab1c2021-12-21 12:21:13.946root 11241100x8000000000000000655290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fa319470926f5b2021-12-21 12:21:13.946root 11241100x8000000000000000655291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fab62f78ae97f412021-12-21 12:21:13.947root 11241100x8000000000000000655292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc7767aad23b94a2021-12-21 12:21:13.947root 11241100x8000000000000000655293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997599ffeac07dda2021-12-21 12:21:13.947root 11241100x8000000000000000655294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4c5c9f912c1c542021-12-21 12:21:13.947root 11241100x8000000000000000655295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c29acecdf714862021-12-21 12:21:13.947root 11241100x8000000000000000655296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535af7fdfe37fe2c2021-12-21 12:21:13.948root 11241100x8000000000000000655297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b03e0608d35be5e2021-12-21 12:21:13.948root 11241100x8000000000000000655298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3baf2d86978bd7a62021-12-21 12:21:13.948root 11241100x8000000000000000655299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8db4789f262a4892021-12-21 12:21:13.948root 11241100x8000000000000000655300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a7ca08bd867ff72021-12-21 12:21:13.948root 11241100x8000000000000000655301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de238e57ffd150662021-12-21 12:21:13.948root 11241100x8000000000000000655302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e33a1790cefd672021-12-21 12:21:13.948root 11241100x8000000000000000655303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e39e79e012d08ec2021-12-21 12:21:13.948root 11241100x8000000000000000655304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2406d9f8562c3d0d2021-12-21 12:21:13.948root 11241100x8000000000000000655305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f8a16a6dec008c2021-12-21 12:21:13.949root 11241100x8000000000000000655306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a6b2629ffc77b12021-12-21 12:21:13.949root 11241100x8000000000000000655307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6deefa1d595d1b2021-12-21 12:21:13.949root 11241100x8000000000000000655308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f8db44324bc8d62021-12-21 12:21:13.949root 11241100x8000000000000000655309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23694a1c2fe23aa82021-12-21 12:21:13.949root 11241100x8000000000000000655310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1497ff4bc77b143a2021-12-21 12:21:13.950root 11241100x8000000000000000655311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5831d4f7ca770fe82021-12-21 12:21:13.950root 11241100x8000000000000000655312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697847c81ebce53c2021-12-21 12:21:13.950root 11241100x8000000000000000655313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf21af334ae37042021-12-21 12:21:13.950root 11241100x8000000000000000655314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133f5a94a2a195f82021-12-21 12:21:13.950root 11241100x8000000000000000655315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02310f4f2280fbd22021-12-21 12:21:13.950root 11241100x8000000000000000655316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f12af394db1fb982021-12-21 12:21:13.950root 11241100x8000000000000000655317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22075de819f55a22021-12-21 12:21:13.950root 11241100x8000000000000000655318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36687bb52f39de5b2021-12-21 12:21:13.950root 11241100x8000000000000000655319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496525415a6c2f2f2021-12-21 12:21:13.950root 11241100x8000000000000000655320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd6cce6d227b2c42021-12-21 12:21:13.951root 11241100x8000000000000000655321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7fb62acd025bb32021-12-21 12:21:13.951root 11241100x8000000000000000655322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aee36790601547a2021-12-21 12:21:13.951root 11241100x8000000000000000655323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1805242ba9cfa47b2021-12-21 12:21:13.951root 11241100x8000000000000000655324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d26c40805182152021-12-21 12:21:13.951root 11241100x8000000000000000655325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b66c8fdfc13252e2021-12-21 12:21:13.951root 11241100x8000000000000000655326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a3aba481983d452021-12-21 12:21:13.951root 11241100x8000000000000000655327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689ffa7741a30f582021-12-21 12:21:13.951root 11241100x8000000000000000655328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d57396be46e691c2021-12-21 12:21:14.443root 11241100x8000000000000000655329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e43004c228b1d22021-12-21 12:21:14.443root 11241100x8000000000000000655330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3864554a3b94e66d2021-12-21 12:21:14.444root 11241100x8000000000000000655331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a16c2b0d82e0fa62021-12-21 12:21:14.444root 11241100x8000000000000000655332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97e561e9b8daa7f2021-12-21 12:21:14.444root 11241100x8000000000000000655333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d7682dfa3ac5c82021-12-21 12:21:14.444root 11241100x8000000000000000655334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3822a6e6950802782021-12-21 12:21:14.444root 11241100x8000000000000000655335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca53c5a49e744b52021-12-21 12:21:14.444root 11241100x8000000000000000655336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5a47ce4320a7ea2021-12-21 12:21:14.445root 11241100x8000000000000000655337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91004d81a39b1022021-12-21 12:21:14.445root 11241100x8000000000000000655338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4bdd2912f0a8732021-12-21 12:21:14.445root 11241100x8000000000000000655339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53cdf2f4be053a72021-12-21 12:21:14.445root 11241100x8000000000000000655340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086e1809b3d236dc2021-12-21 12:21:14.445root 11241100x8000000000000000655341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b8e49dca760e202021-12-21 12:21:14.445root 11241100x8000000000000000655342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7146b1de94b705b02021-12-21 12:21:14.445root 11241100x8000000000000000655343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc246f5d55b1a2d2021-12-21 12:21:14.445root 11241100x8000000000000000655344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84798170e2625efe2021-12-21 12:21:14.445root 11241100x8000000000000000655345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f897a190cea14992021-12-21 12:21:14.445root 11241100x8000000000000000655346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618d7b58a82850472021-12-21 12:21:14.445root 11241100x8000000000000000655347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252d321fc68454c12021-12-21 12:21:14.445root 11241100x8000000000000000655348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637a1db65693c4002021-12-21 12:21:14.446root 11241100x8000000000000000655349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0637a2b60d7fa9472021-12-21 12:21:14.446root 11241100x8000000000000000655350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db8254269f7b4fb2021-12-21 12:21:14.446root 11241100x8000000000000000655351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0105464ca220efc02021-12-21 12:21:14.446root 11241100x8000000000000000655352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9a3669419530bd2021-12-21 12:21:14.447root 11241100x8000000000000000655353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fddacd6bcc4c232021-12-21 12:21:14.447root 11241100x8000000000000000655354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c0e61edcf2b2232021-12-21 12:21:14.448root 11241100x8000000000000000655355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4c95ccea2cb0d72021-12-21 12:21:14.449root 11241100x8000000000000000655356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c8357c769e78112021-12-21 12:21:14.453root 11241100x8000000000000000655357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e274988af1dd338a2021-12-21 12:21:14.453root 11241100x8000000000000000655358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd136eb52df529642021-12-21 12:21:14.453root 11241100x8000000000000000655359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e534b6873a19392021-12-21 12:21:14.454root 11241100x8000000000000000655360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94710c36453c245c2021-12-21 12:21:14.454root 11241100x8000000000000000655361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8bfbcdfa0c7faf2021-12-21 12:21:14.454root 11241100x8000000000000000655362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7b62dba9d1132f2021-12-21 12:21:14.454root 11241100x8000000000000000655363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987a4336d874813f2021-12-21 12:21:14.943root 11241100x8000000000000000655364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4bb5e309a4773d2021-12-21 12:21:14.943root 11241100x8000000000000000655365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848c8420a3b870e42021-12-21 12:21:14.943root 11241100x8000000000000000655366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83ef336f091bb3b2021-12-21 12:21:14.944root 11241100x8000000000000000655367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ffa86ad0db12eb2021-12-21 12:21:14.944root 11241100x8000000000000000655368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f338f3eca7d2ce942021-12-21 12:21:14.944root 11241100x8000000000000000655369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91b03b591767d132021-12-21 12:21:14.944root 11241100x8000000000000000655370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5df30d246192fe2021-12-21 12:21:14.944root 11241100x8000000000000000655371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500a97ffaf9481c62021-12-21 12:21:14.945root 11241100x8000000000000000655372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590fe2264cd08bd82021-12-21 12:21:14.945root 11241100x8000000000000000655373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1feb6ed95680d4432021-12-21 12:21:14.945root 11241100x8000000000000000655374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb5a433570dc1482021-12-21 12:21:14.945root 11241100x8000000000000000655375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba45a64cd3d1c0ce2021-12-21 12:21:14.945root 11241100x8000000000000000655376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7459f00e1907f9d72021-12-21 12:21:14.945root 11241100x8000000000000000655377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4702a3b1bdd7371b2021-12-21 12:21:14.945root 11241100x8000000000000000655378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658eb5a2adc4012a2021-12-21 12:21:14.945root 11241100x8000000000000000655379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187ebc4a2b608eab2021-12-21 12:21:14.945root 11241100x8000000000000000655380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aead3217175a379b2021-12-21 12:21:14.946root 11241100x8000000000000000655381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867f72be4dc56e702021-12-21 12:21:14.946root 11241100x8000000000000000655382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82a5aafe01c5a182021-12-21 12:21:14.946root 11241100x8000000000000000655383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8249adf5a87a77d32021-12-21 12:21:14.946root 11241100x8000000000000000655384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208bef5c1a8731f52021-12-21 12:21:14.946root 11241100x8000000000000000655385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7e15f2191d78562021-12-21 12:21:14.946root 11241100x8000000000000000655386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e54180ddcf9ca12021-12-21 12:21:14.946root 11241100x8000000000000000655387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ee0adaa95f8a472021-12-21 12:21:14.946root 11241100x8000000000000000655388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984f7c9ef9a2ec362021-12-21 12:21:14.946root 11241100x8000000000000000655389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32b7393b2af0efd2021-12-21 12:21:14.947root 11241100x8000000000000000655390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0afef73843cc922021-12-21 12:21:14.947root 11241100x8000000000000000655391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14a0d8e40685f792021-12-21 12:21:14.947root 11241100x8000000000000000655392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccd0104bb721b272021-12-21 12:21:14.947root 11241100x8000000000000000655393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d50099256974d8f2021-12-21 12:21:14.947root 11241100x8000000000000000655394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f219bbc98183d02021-12-21 12:21:14.947root 11241100x8000000000000000655395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f1b81f3e8575842021-12-21 12:21:14.947root 11241100x8000000000000000655396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59b047adadf75a12021-12-21 12:21:14.947root 11241100x8000000000000000655397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a153c09cc109612021-12-21 12:21:14.948root 11241100x8000000000000000655398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5986c0028c70b52021-12-21 12:21:14.948root 11241100x8000000000000000655399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5edb25cf563b3772021-12-21 12:21:14.948root 354300x8000000000000000655400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.145{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49864-false10.0.1.12-8000- 11241100x8000000000000000655401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bd23266ba702672021-12-21 12:21:15.443root 11241100x8000000000000000655402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd477b3e9fd48e472021-12-21 12:21:15.443root 11241100x8000000000000000655403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db54ed0f252121ff2021-12-21 12:21:15.443root 11241100x8000000000000000655404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35039453a88d3f412021-12-21 12:21:15.444root 11241100x8000000000000000655405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cab2b7d5a361372021-12-21 12:21:15.444root 11241100x8000000000000000655406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69245be6edfe52ed2021-12-21 12:21:15.444root 11241100x8000000000000000655407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3f66641e732f422021-12-21 12:21:15.444root 11241100x8000000000000000655408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487592cc36e564fd2021-12-21 12:21:15.444root 11241100x8000000000000000655409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7883446d1260192021-12-21 12:21:15.444root 11241100x8000000000000000655410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc992ca909cbed22021-12-21 12:21:15.444root 11241100x8000000000000000655411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec23edd425f406d2021-12-21 12:21:15.444root 11241100x8000000000000000655412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0a54be770549cb2021-12-21 12:21:15.444root 11241100x8000000000000000655413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5d5e04499b97de2021-12-21 12:21:15.444root 11241100x8000000000000000655414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52be521da67206d2021-12-21 12:21:15.445root 11241100x8000000000000000655415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc09b37e87b2b752021-12-21 12:21:15.445root 11241100x8000000000000000655416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dec85b338a0483c2021-12-21 12:21:15.445root 11241100x8000000000000000655417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8338f47a47cb7d392021-12-21 12:21:15.445root 11241100x8000000000000000655418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c135dac4023484342021-12-21 12:21:15.445root 11241100x8000000000000000655419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e164dadfce4ed8e82021-12-21 12:21:15.446root 11241100x8000000000000000655420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b626877fd800503a2021-12-21 12:21:15.446root 11241100x8000000000000000655421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1d00cac92155b52021-12-21 12:21:15.447root 11241100x8000000000000000655422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710b1c2f26673ee72021-12-21 12:21:15.447root 11241100x8000000000000000655423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bd4062e63963ef2021-12-21 12:21:15.447root 11241100x8000000000000000655424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f80af6116dfc0712021-12-21 12:21:15.447root 11241100x8000000000000000655425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96eca0a2458ef6df2021-12-21 12:21:15.448root 11241100x8000000000000000655426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca36ec7f348b57922021-12-21 12:21:15.448root 11241100x8000000000000000655427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ef7e05fb3d1a112021-12-21 12:21:15.448root 11241100x8000000000000000655428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c456c6cd464e6f92021-12-21 12:21:15.448root 11241100x8000000000000000655429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b992b08c45a310872021-12-21 12:21:15.448root 11241100x8000000000000000655430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622994c3b2cf28722021-12-21 12:21:15.449root 11241100x8000000000000000655431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f611f87500bf90c22021-12-21 12:21:15.449root 11241100x8000000000000000655432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324f8425506f1f652021-12-21 12:21:15.449root 11241100x8000000000000000655433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf972111fd91483b2021-12-21 12:21:15.449root 11241100x8000000000000000655434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca5cd2f28cacffa2021-12-21 12:21:15.449root 11241100x8000000000000000655435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e631115d8ec110072021-12-21 12:21:15.450root 11241100x8000000000000000655436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf38c4807270d5d2021-12-21 12:21:15.450root 11241100x8000000000000000655437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9696ed4c2f59f32021-12-21 12:21:15.450root 11241100x8000000000000000655438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39f2954b5b118742021-12-21 12:21:15.450root 11241100x8000000000000000655439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecca5645f7e2d9942021-12-21 12:21:15.943root 11241100x8000000000000000655440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660ccb8abd5833582021-12-21 12:21:15.943root 11241100x8000000000000000655441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bdc9d2e95d12842021-12-21 12:21:15.943root 11241100x8000000000000000655442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37916cda7f4df5d82021-12-21 12:21:15.943root 11241100x8000000000000000655443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62546c3c72ea40cb2021-12-21 12:21:15.944root 11241100x8000000000000000655444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899ff9da9a92415b2021-12-21 12:21:15.944root 11241100x8000000000000000655445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df7d91678b2de0f2021-12-21 12:21:15.944root 11241100x8000000000000000655446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d8f58e6760ff3e2021-12-21 12:21:15.944root 11241100x8000000000000000655447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3eacc2073cb561d2021-12-21 12:21:15.944root 11241100x8000000000000000655448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0793d2c9ab413682021-12-21 12:21:15.944root 11241100x8000000000000000655449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a545240022e396482021-12-21 12:21:15.944root 11241100x8000000000000000655450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b5bc997e663c382021-12-21 12:21:15.944root 11241100x8000000000000000655451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471d9335b2f9f5fc2021-12-21 12:21:15.944root 11241100x8000000000000000655452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23874f249ee7cd3e2021-12-21 12:21:15.944root 11241100x8000000000000000655453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0850a5c5c4c075572021-12-21 12:21:15.944root 11241100x8000000000000000655454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50872fd469634d22021-12-21 12:21:15.944root 11241100x8000000000000000655455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d4282a72f2b3602021-12-21 12:21:15.944root 11241100x8000000000000000655456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6305f347003c6e02021-12-21 12:21:15.944root 11241100x8000000000000000655457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a30e286302aa6f2021-12-21 12:21:15.944root 11241100x8000000000000000655458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5950bc3716b4aebc2021-12-21 12:21:15.944root 11241100x8000000000000000655459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed1fa465eaaef442021-12-21 12:21:15.945root 11241100x8000000000000000655460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c64eeea101c4072021-12-21 12:21:15.945root 11241100x8000000000000000655461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314090bd8bdb0f412021-12-21 12:21:15.945root 11241100x8000000000000000655462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebafcac279a187c2021-12-21 12:21:15.945root 11241100x8000000000000000655463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc0ee66b568f4c82021-12-21 12:21:15.945root 11241100x8000000000000000655464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc3280712b560342021-12-21 12:21:15.945root 11241100x8000000000000000655465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95e9e34b308413d2021-12-21 12:21:15.945root 11241100x8000000000000000655466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a70bda2175a49812021-12-21 12:21:15.945root 11241100x8000000000000000655467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22bd9776b03f2b32021-12-21 12:21:15.945root 11241100x8000000000000000655468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1560e7c5521a012021-12-21 12:21:15.945root 11241100x8000000000000000655469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8100d5637eded0ce2021-12-21 12:21:15.945root 11241100x8000000000000000655470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92db31fd164698de2021-12-21 12:21:15.945root 11241100x8000000000000000655471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e16dde1ca0e4eb2021-12-21 12:21:15.945root 11241100x8000000000000000655472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35257f22bdf2b9362021-12-21 12:21:15.945root 11241100x8000000000000000655473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f954288660cc092021-12-21 12:21:15.945root 11241100x8000000000000000655474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343199eac385a8c32021-12-21 12:21:15.945root 11241100x8000000000000000655475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed74246219b0e0932021-12-21 12:21:15.945root 11241100x8000000000000000655476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c453b9734062e0e12021-12-21 12:21:15.946root 11241100x8000000000000000655477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e853972eb84a1492021-12-21 12:21:15.946root 11241100x8000000000000000655478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34842352ff322ce2021-12-21 12:21:15.946root 11241100x8000000000000000655479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343243a90edf725b2021-12-21 12:21:15.946root 11241100x8000000000000000655480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ca61667c7a4fae2021-12-21 12:21:15.946root 11241100x8000000000000000655481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34033245d669c352021-12-21 12:21:15.946root 11241100x8000000000000000655482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106afbbd9f38e8862021-12-21 12:21:15.946root 11241100x8000000000000000655483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfc767598e286ac2021-12-21 12:21:15.946root 11241100x8000000000000000655484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b189faf4b1814ca92021-12-21 12:21:15.946root 11241100x8000000000000000655485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea87773cd1084db62021-12-21 12:21:15.946root 11241100x8000000000000000655486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635029cf0ad7f6aa2021-12-21 12:21:15.946root 11241100x8000000000000000655487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d0dc8627016e142021-12-21 12:21:15.946root 11241100x8000000000000000655488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56de453f891dfb7b2021-12-21 12:21:15.946root 11241100x8000000000000000655489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be983db5db0897fd2021-12-21 12:21:16.443root 11241100x8000000000000000655490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf6f6123bed78312021-12-21 12:21:16.443root 11241100x8000000000000000655491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1e7dee6843305e2021-12-21 12:21:16.443root 11241100x8000000000000000655492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd72aca7a061e6e12021-12-21 12:21:16.443root 11241100x8000000000000000655493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20aeba9f96427a82021-12-21 12:21:16.443root 11241100x8000000000000000655494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a1926fce9669fb2021-12-21 12:21:16.444root 11241100x8000000000000000655495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39be6ae8f3faab72021-12-21 12:21:16.444root 11241100x8000000000000000655496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b08e7fca1880dd52021-12-21 12:21:16.444root 11241100x8000000000000000655497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e010b8de81d015702021-12-21 12:21:16.444root 11241100x8000000000000000655498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f0e759714b0e452021-12-21 12:21:16.444root 11241100x8000000000000000655499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f694fd19256d822021-12-21 12:21:16.444root 11241100x8000000000000000655500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fbe9d3e75c8dfb2021-12-21 12:21:16.444root 11241100x8000000000000000655501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2219487ca5af10a92021-12-21 12:21:16.444root 11241100x8000000000000000655502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aafc105e456b27c2021-12-21 12:21:16.444root 11241100x8000000000000000655503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d642e20f59f22b2021-12-21 12:21:16.444root 11241100x8000000000000000655504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9371d68d99ed67d2021-12-21 12:21:16.445root 11241100x8000000000000000655505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd26c6102d702292021-12-21 12:21:16.445root 11241100x8000000000000000655506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f307d41b2a3f91c92021-12-21 12:21:16.445root 11241100x8000000000000000655507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2302b2e90320132021-12-21 12:21:16.445root 11241100x8000000000000000655508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50fcb761cfe2c782021-12-21 12:21:16.445root 11241100x8000000000000000655509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f7fc09900b371a2021-12-21 12:21:16.445root 11241100x8000000000000000655510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30fe4413ebcc0bd2021-12-21 12:21:16.445root 11241100x8000000000000000655511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c74f5f9abd3d1a72021-12-21 12:21:16.445root 11241100x8000000000000000655512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e4b1f4fc9f47022021-12-21 12:21:16.445root 11241100x8000000000000000655513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde075517c8ef6b42021-12-21 12:21:16.445root 11241100x8000000000000000655514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f435984c27ab4e2c2021-12-21 12:21:16.446root 11241100x8000000000000000655515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94651ffee7713d482021-12-21 12:21:16.446root 11241100x8000000000000000655516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418e8d280efddb3d2021-12-21 12:21:16.446root 11241100x8000000000000000655517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7b2cdc23f2715c2021-12-21 12:21:16.446root 11241100x8000000000000000655518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9549f04f80f353862021-12-21 12:21:16.446root 11241100x8000000000000000655519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca862644d1b198ef2021-12-21 12:21:16.446root 11241100x8000000000000000655520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f6e3619d94e2562021-12-21 12:21:16.446root 11241100x8000000000000000655521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54c0581a0e606f52021-12-21 12:21:16.446root 11241100x8000000000000000655522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6040cef989f288e32021-12-21 12:21:16.446root 11241100x8000000000000000655523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f02037820282362021-12-21 12:21:16.446root 11241100x8000000000000000655524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d232604cff2d062f2021-12-21 12:21:16.446root 11241100x8000000000000000655525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f577f151bd1d6b2021-12-21 12:21:16.446root 11241100x8000000000000000655526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2d4fe880e4d1942021-12-21 12:21:16.446root 11241100x8000000000000000655527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413a08cf4ecfb0002021-12-21 12:21:16.446root 11241100x8000000000000000655528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b51549e09731f712021-12-21 12:21:16.446root 11241100x8000000000000000655529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae9f26aac7251432021-12-21 12:21:16.446root 11241100x8000000000000000655530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73addaa25376171f2021-12-21 12:21:16.447root 11241100x8000000000000000655531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89174707236c4acf2021-12-21 12:21:16.447root 11241100x8000000000000000655532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a12b379d7dc32ec2021-12-21 12:21:16.447root 11241100x8000000000000000655533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24301759b7f5cae82021-12-21 12:21:16.447root 11241100x8000000000000000655534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc167d303bd092ba2021-12-21 12:21:16.447root 11241100x8000000000000000655535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8995d141c38dc5e52021-12-21 12:21:16.447root 11241100x8000000000000000655536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6366645ea27da5f2021-12-21 12:21:16.447root 11241100x8000000000000000655537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd32411e2c29549e2021-12-21 12:21:16.447root 11241100x8000000000000000655538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a717ed0485c9227a2021-12-21 12:21:16.447root 11241100x8000000000000000655539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa0fba9c4ee7c562021-12-21 12:21:16.447root 11241100x8000000000000000655540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d64b7bfaba232d2021-12-21 12:21:16.449root 11241100x8000000000000000655541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b79421d9e5a90b02021-12-21 12:21:16.449root 11241100x8000000000000000655542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca3cdcdaeceee932021-12-21 12:21:16.943root 11241100x8000000000000000655543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932d899639049f332021-12-21 12:21:16.943root 11241100x8000000000000000655544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8e0c912ff0c1fa2021-12-21 12:21:16.943root 11241100x8000000000000000655545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065919000144f6922021-12-21 12:21:16.943root 11241100x8000000000000000655546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78e5c34716793822021-12-21 12:21:16.944root 11241100x8000000000000000655547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42d6f5f9e1242322021-12-21 12:21:16.944root 11241100x8000000000000000655548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d54dee6ed1977ff2021-12-21 12:21:16.944root 11241100x8000000000000000655549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156dbcb28130424e2021-12-21 12:21:16.944root 11241100x8000000000000000655550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b9f771615baf8a2021-12-21 12:21:16.944root 11241100x8000000000000000655551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a570edb0f1f6ed2021-12-21 12:21:16.944root 11241100x8000000000000000655552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ee469f5646385a2021-12-21 12:21:16.944root 11241100x8000000000000000655553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87aeb9ef89a887f62021-12-21 12:21:16.944root 11241100x8000000000000000655554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2ad9fa25a0c3a92021-12-21 12:21:16.944root 11241100x8000000000000000655555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7e899573e7d9582021-12-21 12:21:16.944root 11241100x8000000000000000655556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e118b98f7a1de12021-12-21 12:21:16.944root 11241100x8000000000000000655557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13fe0de004659242021-12-21 12:21:16.944root 11241100x8000000000000000655558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997ec0697f6f8df72021-12-21 12:21:16.945root 11241100x8000000000000000655559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9934f2545cb117b32021-12-21 12:21:16.945root 11241100x8000000000000000655560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3220d72aa1c5e02021-12-21 12:21:16.945root 11241100x8000000000000000655561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3248c2d7374f87322021-12-21 12:21:16.945root 11241100x8000000000000000655562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dadee2a36e875d92021-12-21 12:21:16.945root 11241100x8000000000000000655563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ec4612fd31aa182021-12-21 12:21:16.945root 11241100x8000000000000000655564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d61714861153eb72021-12-21 12:21:16.945root 11241100x8000000000000000655565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e583f137c90666f42021-12-21 12:21:16.945root 11241100x8000000000000000655566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c2d78d599cdef92021-12-21 12:21:16.945root 11241100x8000000000000000655567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784f3905c7d0e2742021-12-21 12:21:16.945root 11241100x8000000000000000655568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078fdb3c4bbdbc562021-12-21 12:21:16.945root 11241100x8000000000000000655569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b681d837f70fef5e2021-12-21 12:21:16.945root 11241100x8000000000000000655570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc1ffc8e131495c2021-12-21 12:21:16.945root 11241100x8000000000000000655571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117b5f04902830942021-12-21 12:21:16.946root 11241100x8000000000000000655572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d30615345959ea2021-12-21 12:21:16.946root 11241100x8000000000000000655573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031ceba669367feb2021-12-21 12:21:16.946root 11241100x8000000000000000655574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fc3f2b9983f3002021-12-21 12:21:16.946root 11241100x8000000000000000655575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267b3a7f3806ddb22021-12-21 12:21:16.946root 11241100x8000000000000000655576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7aadf5bd7fba5ef2021-12-21 12:21:16.946root 11241100x8000000000000000655577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c4e78cdbecf1642021-12-21 12:21:16.946root 11241100x8000000000000000655578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a3ec5ccb7dfeda2021-12-21 12:21:16.946root 11241100x8000000000000000655579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df749cf412c79a22021-12-21 12:21:17.443root 11241100x8000000000000000655580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37065335cd4f00672021-12-21 12:21:17.443root 11241100x8000000000000000655581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f1bec213988ee12021-12-21 12:21:17.443root 11241100x8000000000000000655582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e360aa86f7e0ba52021-12-21 12:21:17.443root 11241100x8000000000000000655583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15047f02a9732492021-12-21 12:21:17.444root 11241100x8000000000000000655584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206d307976b11a172021-12-21 12:21:17.444root 11241100x8000000000000000655585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fab470f30baa472021-12-21 12:21:17.444root 11241100x8000000000000000655586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d224f980bffb02b82021-12-21 12:21:17.444root 11241100x8000000000000000655587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494f134e419266062021-12-21 12:21:17.444root 11241100x8000000000000000655588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19932b2ac57bca9f2021-12-21 12:21:17.444root 11241100x8000000000000000655589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd2f1d719567c302021-12-21 12:21:17.444root 11241100x8000000000000000655590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b4ea90efe467a22021-12-21 12:21:17.444root 11241100x8000000000000000655591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5fdec10ad0535b2021-12-21 12:21:17.444root 11241100x8000000000000000655592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc46140e9ae2cff2021-12-21 12:21:17.444root 11241100x8000000000000000655593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3698e5678531712021-12-21 12:21:17.444root 11241100x8000000000000000655594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2433c6a95d985ba12021-12-21 12:21:17.444root 11241100x8000000000000000655595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51a9149a15505642021-12-21 12:21:17.444root 11241100x8000000000000000655596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5efe98e4b7834d42021-12-21 12:21:17.444root 11241100x8000000000000000655597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691cbdd5e1ed82f42021-12-21 12:21:17.445root 11241100x8000000000000000655598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1380de5629fc9d52021-12-21 12:21:17.445root 11241100x8000000000000000655599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a14cae87788c0852021-12-21 12:21:17.445root 11241100x8000000000000000655600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cca5b4e97dae2b2021-12-21 12:21:17.445root 11241100x8000000000000000655601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db07f1e9ebfcd8982021-12-21 12:21:17.445root 11241100x8000000000000000655602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447b68b3064d80b92021-12-21 12:21:17.445root 11241100x8000000000000000655603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d76827d25e96212021-12-21 12:21:17.445root 11241100x8000000000000000655604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447abf2579b9e9cd2021-12-21 12:21:17.445root 11241100x8000000000000000655605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd111bf25aa9ef362021-12-21 12:21:17.445root 11241100x8000000000000000655606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c378db32d7a1c32021-12-21 12:21:17.445root 11241100x8000000000000000655607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8747476e5658f2e2021-12-21 12:21:17.446root 11241100x8000000000000000655608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc70bd5fc43525cd2021-12-21 12:21:17.446root 11241100x8000000000000000655609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7255088a3fe5a8252021-12-21 12:21:17.446root 11241100x8000000000000000655610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c5728f971f30372021-12-21 12:21:17.446root 11241100x8000000000000000655611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d575865c35b1c9f2021-12-21 12:21:17.446root 11241100x8000000000000000655612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58d5a8d3ca0309a2021-12-21 12:21:17.446root 11241100x8000000000000000655613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e3785a184f8b902021-12-21 12:21:17.446root 11241100x8000000000000000655614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571b35b37f94d0ad2021-12-21 12:21:17.446root 11241100x8000000000000000655615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cad2f9cec9ca2a2021-12-21 12:21:17.943root 11241100x8000000000000000655616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13065fe566aa49e82021-12-21 12:21:17.943root 11241100x8000000000000000655617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa87127397f7ba792021-12-21 12:21:17.943root 11241100x8000000000000000655618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004d536e5d7d66952021-12-21 12:21:17.944root 11241100x8000000000000000655619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f6ac895dcb478f2021-12-21 12:21:17.944root 11241100x8000000000000000655620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255e5ee584f4193c2021-12-21 12:21:17.944root 11241100x8000000000000000655621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eac45baa1dbcff2021-12-21 12:21:17.944root 11241100x8000000000000000655622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54345162194b2ad32021-12-21 12:21:17.944root 11241100x8000000000000000655623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0598ac7b82a5ee72021-12-21 12:21:17.944root 11241100x8000000000000000655624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40d9a5a93efcdb22021-12-21 12:21:17.944root 11241100x8000000000000000655625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58998b6c9e49dbac2021-12-21 12:21:17.944root 11241100x8000000000000000655626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2219e54ecc762ee02021-12-21 12:21:17.944root 11241100x8000000000000000655627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532b9e26235a1bae2021-12-21 12:21:17.944root 11241100x8000000000000000655628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029683dc0f4ce30a2021-12-21 12:21:17.944root 11241100x8000000000000000655629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f393e084f9c176c2021-12-21 12:21:17.944root 11241100x8000000000000000655630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d2ba58176a6e432021-12-21 12:21:17.944root 11241100x8000000000000000655631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3f788fd7409bd02021-12-21 12:21:17.945root 11241100x8000000000000000655632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5bff568cdab4402021-12-21 12:21:17.945root 11241100x8000000000000000655633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bde815bd0beb4922021-12-21 12:21:17.945root 11241100x8000000000000000655634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4745fb03dd8416c22021-12-21 12:21:17.945root 11241100x8000000000000000655635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e607fbe50785342021-12-21 12:21:17.945root 11241100x8000000000000000655636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3454f1452bf8d7622021-12-21 12:21:17.945root 11241100x8000000000000000655637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4775ed78545133e82021-12-21 12:21:17.945root 11241100x8000000000000000655638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72afa92ce6de57c02021-12-21 12:21:17.945root 11241100x8000000000000000655639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bef18b923f954e2021-12-21 12:21:17.945root 11241100x8000000000000000655640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc28e1e10d493562021-12-21 12:21:17.945root 11241100x8000000000000000655641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231bbf1faf66ef802021-12-21 12:21:17.945root 11241100x8000000000000000655642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd60630ead6afa282021-12-21 12:21:17.945root 11241100x8000000000000000655643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8df34c9f32a37192021-12-21 12:21:17.945root 11241100x8000000000000000655644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602fe99058677d212021-12-21 12:21:17.946root 11241100x8000000000000000655645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c0e5a45f70c2532021-12-21 12:21:17.946root 11241100x8000000000000000655646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200d986a0eccd06a2021-12-21 12:21:17.946root 11241100x8000000000000000655647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f121a8bb6e8d34912021-12-21 12:21:17.946root 11241100x8000000000000000655648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de777b7639be0f52021-12-21 12:21:17.946root 11241100x8000000000000000655649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6cd59a1afe6f462021-12-21 12:21:17.946root 11241100x8000000000000000655650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2504e8c0fd748f2021-12-21 12:21:17.946root 11241100x8000000000000000655651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363313318231e1942021-12-21 12:21:17.946root 11241100x8000000000000000655652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e91a9eecd5d96462021-12-21 12:21:17.947root 11241100x8000000000000000655653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cefc2b4c094c8942021-12-21 12:21:17.947root 11241100x8000000000000000655654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80631ed47e05bb72021-12-21 12:21:17.947root 11241100x8000000000000000655655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190639626d90d4f12021-12-21 12:21:17.947root 11241100x8000000000000000655656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd69f9d4bb1c6a22021-12-21 12:21:17.947root 11241100x8000000000000000655657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485cf004202ea4302021-12-21 12:21:17.947root 11241100x8000000000000000655658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949a3ed3ab8529b42021-12-21 12:21:17.947root 11241100x8000000000000000655659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbe18d4ca4136642021-12-21 12:21:17.947root 11241100x8000000000000000655660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14763ee3bd5105c62021-12-21 12:21:17.947root 11241100x8000000000000000655661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6550aabb595238a2021-12-21 12:21:17.947root 11241100x8000000000000000655662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5a0bb2ec3ff3312021-12-21 12:21:17.947root 11241100x8000000000000000655663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9537d50e6e3ff5b82021-12-21 12:21:17.947root 11241100x8000000000000000655664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b7c4ff35f391c22021-12-21 12:21:17.947root 11241100x8000000000000000655665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3471d6e3077974342021-12-21 12:21:17.947root 11241100x8000000000000000655666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cd17060ee83e512021-12-21 12:21:18.443root 11241100x8000000000000000655667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d3764119ebd7fb2021-12-21 12:21:18.443root 11241100x8000000000000000655668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9d5d2d3096a4772021-12-21 12:21:18.443root 11241100x8000000000000000655669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e50d46650f1d282021-12-21 12:21:18.443root 11241100x8000000000000000655670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a358dbf0086b2fb2021-12-21 12:21:18.443root 11241100x8000000000000000655671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad932697f4e9672f2021-12-21 12:21:18.443root 11241100x8000000000000000655672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0745ee8431d7741e2021-12-21 12:21:18.443root 11241100x8000000000000000655673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72626a5a14507352021-12-21 12:21:18.443root 11241100x8000000000000000655674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df687e9e4581be182021-12-21 12:21:18.443root 11241100x8000000000000000655675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65699991e47c704d2021-12-21 12:21:18.444root 11241100x8000000000000000655676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8112aff6537d9c2021-12-21 12:21:18.444root 11241100x8000000000000000655677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5007f0fb3fb1cfc72021-12-21 12:21:18.444root 11241100x8000000000000000655678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301b875e3a6940c52021-12-21 12:21:18.444root 11241100x8000000000000000655679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb4bbd6a3da54482021-12-21 12:21:18.444root 11241100x8000000000000000655680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dedb8df74ea2f0b2021-12-21 12:21:18.444root 11241100x8000000000000000655681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98eb0de33b7b469a2021-12-21 12:21:18.444root 11241100x8000000000000000655682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54abcfab14dc4772021-12-21 12:21:18.444root 11241100x8000000000000000655683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae9da5e3fc849012021-12-21 12:21:18.444root 11241100x8000000000000000655684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352c47b54d48163a2021-12-21 12:21:18.444root 11241100x8000000000000000655685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2d1698f774f40d2021-12-21 12:21:18.444root 11241100x8000000000000000655686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cb5590ad4bc0522021-12-21 12:21:18.445root 11241100x8000000000000000655687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606a542d21be587e2021-12-21 12:21:18.445root 11241100x8000000000000000655688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e426df2878a1ed4f2021-12-21 12:21:18.445root 11241100x8000000000000000655689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdfa602c5a368d92021-12-21 12:21:18.445root 11241100x8000000000000000655690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b0eb546358505b2021-12-21 12:21:18.445root 11241100x8000000000000000655691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdd2e72a3b286142021-12-21 12:21:18.445root 11241100x8000000000000000655692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0eefa129c7926a2021-12-21 12:21:18.445root 11241100x8000000000000000655693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfa8b48c7ea12f52021-12-21 12:21:18.445root 11241100x8000000000000000655694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613e5d5f2fcdef342021-12-21 12:21:18.445root 11241100x8000000000000000655695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3844362437c816762021-12-21 12:21:18.445root 11241100x8000000000000000655696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c22c564cc697ca2021-12-21 12:21:18.445root 11241100x8000000000000000655697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9e03ac380fcb512021-12-21 12:21:18.446root 11241100x8000000000000000655698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fec9959eabf01a2021-12-21 12:21:18.446root 11241100x8000000000000000655699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01bfe7eaadd75922021-12-21 12:21:18.446root 11241100x8000000000000000655700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bded56fded9d8b2021-12-21 12:21:18.446root 11241100x8000000000000000655701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b94864c61dc62e52021-12-21 12:21:18.446root 11241100x8000000000000000655702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68926fc3562ab6e22021-12-21 12:21:18.446root 11241100x8000000000000000655703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5d74207bfd1aa72021-12-21 12:21:18.446root 11241100x8000000000000000655704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f38ebe319a5eede2021-12-21 12:21:18.446root 11241100x8000000000000000655705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d42ecdc344c87862021-12-21 12:21:18.446root 11241100x8000000000000000655706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4be4d10ec278e42021-12-21 12:21:18.447root 11241100x8000000000000000655707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ba36d9f8ca02612021-12-21 12:21:18.447root 11241100x8000000000000000655708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5549e8f188bbe9a2021-12-21 12:21:18.447root 11241100x8000000000000000655709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6eb6f89fc39c0732021-12-21 12:21:18.447root 11241100x8000000000000000655710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969bd2fc482c867b2021-12-21 12:21:18.447root 11241100x8000000000000000655711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac62a07ffbdb78f2021-12-21 12:21:18.447root 11241100x8000000000000000655712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c3c10d1a1f49422021-12-21 12:21:18.447root 11241100x8000000000000000655713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6bd53fca55da2d2021-12-21 12:21:18.448root 11241100x8000000000000000655714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf846c840c168942021-12-21 12:21:18.448root 11241100x8000000000000000655715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1377dfcb79d615032021-12-21 12:21:18.448root 11241100x8000000000000000655716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605e36fa964e9dd02021-12-21 12:21:18.448root 11241100x8000000000000000655717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0678e1ce45cfcf82021-12-21 12:21:18.448root 11241100x8000000000000000655718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5730b0f344cecb372021-12-21 12:21:18.448root 354300x8000000000000000655755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:20.176{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49866-false10.0.1.12-8000- 11241100x8000000000000000655756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:20.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ac5c88ad8aefb32021-12-21 12:21:20.442root 11241100x8000000000000000655757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:20.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d150c8e7938eef2021-12-21 12:21:20.942root 11241100x8000000000000000655758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5317c1e0b33034e2021-12-21 12:21:21.444root 11241100x8000000000000000655759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:21.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dfd1c62070dc022021-12-21 12:21:21.942root 11241100x8000000000000000655760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:22.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a744a305e7c16c2021-12-21 12:21:22.442root 11241100x8000000000000000655761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:22.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a4940d216f8b862021-12-21 12:21:22.942root 11241100x8000000000000000655762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:23.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fc452d66fb24492021-12-21 12:21:23.442root 11241100x8000000000000000655763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:23.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbbace22665a0032021-12-21 12:21:23.942root 11241100x8000000000000000655764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:24.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f96e35538b301b92021-12-21 12:21:24.442root 11241100x8000000000000000655765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:24.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40697617c045a4e82021-12-21 12:21:24.942root 11241100x8000000000000000655766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:25.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da97434e7fa99252021-12-21 12:21:25.442root 354300x8000000000000000655767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:25.791{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-36932-false10.0.1.12-8089- 11241100x8000000000000000655768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:25.791{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc887cca3b8af792021-12-21 12:21:25.791root 354300x8000000000000000655769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.097{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49870-false10.0.1.12-8000- 11241100x8000000000000000655770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cff81423d4bddb2021-12-21 12:21:26.097root 11241100x8000000000000000655771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcbdf440f9897c82021-12-21 12:21:26.097root 11241100x8000000000000000655772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe1fd25af9f7e4a2021-12-21 12:21:26.442root 11241100x8000000000000000655773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45873eb78a372cb2021-12-21 12:21:26.443root 11241100x8000000000000000655774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02f5cdd07d641942021-12-21 12:21:26.443root 11241100x8000000000000000655775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1ce84657e5e2bb2021-12-21 12:21:26.942root 11241100x8000000000000000655776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa123d534651dde2021-12-21 12:21:26.943root 11241100x8000000000000000655777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d377b33ff158b92021-12-21 12:21:26.943root 11241100x8000000000000000655778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:27.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16484c84cb2dce902021-12-21 12:21:27.442root 11241100x8000000000000000655779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7fe340b26e3a362021-12-21 12:21:27.443root 11241100x8000000000000000655780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4c368f7620d8392021-12-21 12:21:27.443root 11241100x8000000000000000655781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:27.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746a819a132b2ca62021-12-21 12:21:27.942root 11241100x8000000000000000655782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8d55bece4ca3b32021-12-21 12:21:27.943root 11241100x8000000000000000655783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b7caa585e5b3142021-12-21 12:21:27.943root 11241100x8000000000000000655784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752b2753057355b42021-12-21 12:21:28.443root 11241100x8000000000000000655785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65087bc602276f3b2021-12-21 12:21:28.443root 11241100x8000000000000000655786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c04b8c7ddf8ffa2021-12-21 12:21:28.443root 11241100x8000000000000000655787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a5e9d30e067f102021-12-21 12:21:28.943root 11241100x8000000000000000655788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a6b2375dbbf2c22021-12-21 12:21:28.943root 11241100x8000000000000000655789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf26bc9caf3529c52021-12-21 12:21:28.943root 11241100x8000000000000000655790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:29.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a7cb295b0f0fdc2021-12-21 12:21:29.442root 11241100x8000000000000000655791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b94b171f210c7d2021-12-21 12:21:29.443root 11241100x8000000000000000655792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58cc46e7aab49522021-12-21 12:21:29.443root 11241100x8000000000000000655793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:29.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be778f38ce8f5b8d2021-12-21 12:21:29.942root 11241100x8000000000000000655794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045cb7f7bef269fd2021-12-21 12:21:29.943root 11241100x8000000000000000655795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8865a37cad47762021-12-21 12:21:29.943root 11241100x8000000000000000655796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:30.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47fa7e594623c222021-12-21 12:21:30.442root 11241100x8000000000000000655797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fced8ae3d75fae2021-12-21 12:21:30.443root 11241100x8000000000000000655798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ad3adbb7c3bc622021-12-21 12:21:30.443root 11241100x8000000000000000655799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:30.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ca641094c081c12021-12-21 12:21:30.942root 11241100x8000000000000000655800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404f1bcc48f6fa592021-12-21 12:21:30.943root 11241100x8000000000000000655801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac59126839dabb5e2021-12-21 12:21:30.943root 354300x8000000000000000655802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.182{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49872-false10.0.1.12-8000- 11241100x8000000000000000655803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b749ef0dbe0663782021-12-21 12:21:31.443root 11241100x8000000000000000655804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138ef3a117af31ff2021-12-21 12:21:31.443root 11241100x8000000000000000655805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d6585c64e0fb332021-12-21 12:21:31.443root 11241100x8000000000000000655806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d842aba161bab02021-12-21 12:21:31.443root 11241100x8000000000000000655807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897528af1cf1081c2021-12-21 12:21:31.942root 11241100x8000000000000000655808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a6a11e6d82a5f42021-12-21 12:21:31.943root 11241100x8000000000000000655809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea32cb45c9edb822021-12-21 12:21:31.943root 11241100x8000000000000000655810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8025084cdd2032a2021-12-21 12:21:31.943root 11241100x8000000000000000655811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:32.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e935e45d88b7812021-12-21 12:21:32.442root 11241100x8000000000000000655812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067ae9f435eb0ca82021-12-21 12:21:32.443root 11241100x8000000000000000655813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ebbe986f36909c2021-12-21 12:21:32.443root 11241100x8000000000000000655814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790785dd48645ca52021-12-21 12:21:32.443root 11241100x8000000000000000655815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:32.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd0df0636dba1122021-12-21 12:21:32.942root 11241100x8000000000000000655816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399615497c009e442021-12-21 12:21:32.943root 11241100x8000000000000000655817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d260e5a5c1a08b2021-12-21 12:21:32.943root 11241100x8000000000000000655818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cac7e0efde750092021-12-21 12:21:32.943root 11241100x8000000000000000655819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:33.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a661409dc2ab252021-12-21 12:21:33.442root 11241100x8000000000000000655820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f949ab53c6c0ace02021-12-21 12:21:33.443root 11241100x8000000000000000655821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e33149f6791c7a82021-12-21 12:21:33.443root 11241100x8000000000000000655822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21d76cb5b4b49512021-12-21 12:21:33.443root 11241100x8000000000000000655823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:33.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed88ea5b4e148922021-12-21 12:21:33.942root 11241100x8000000000000000655824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70aba20c2d436a322021-12-21 12:21:33.943root 11241100x8000000000000000655825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd0afb9415797792021-12-21 12:21:33.943root 11241100x8000000000000000655826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5130df3e9d80ed532021-12-21 12:21:33.943root 11241100x8000000000000000655827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:34.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1287be6457049a732021-12-21 12:21:34.442root 11241100x8000000000000000655828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b37ee2e499bdec62021-12-21 12:21:34.443root 11241100x8000000000000000655829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea7ec5a16509b2a2021-12-21 12:21:34.443root 11241100x8000000000000000655830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8fb897e37544802021-12-21 12:21:34.443root 11241100x8000000000000000655831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:34.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91563f6aebe907b72021-12-21 12:21:34.942root 11241100x8000000000000000655832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae1903049a280832021-12-21 12:21:34.943root 11241100x8000000000000000655833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a930e416f45056ef2021-12-21 12:21:34.943root 11241100x8000000000000000655834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a722de49bce63ef2021-12-21 12:21:34.943root 11241100x8000000000000000655835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:35.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185124731126828a2021-12-21 12:21:35.442root 11241100x8000000000000000655836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99faf9439ff40ad92021-12-21 12:21:35.443root 11241100x8000000000000000655837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7c40856f8c53ed2021-12-21 12:21:35.443root 11241100x8000000000000000655838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e727edf225e92d2021-12-21 12:21:35.443root 11241100x8000000000000000655839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:35.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040eef4b64c070ed2021-12-21 12:21:35.942root 11241100x8000000000000000655840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80ef59b870332fa2021-12-21 12:21:35.943root 11241100x8000000000000000655841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3095b3a3edc8b52021-12-21 12:21:35.943root 11241100x8000000000000000655842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e511b064f733152021-12-21 12:21:35.943root 11241100x8000000000000000655843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:21:36.142root 11241100x8000000000000000655844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72acdbb766e642f42021-12-21 12:21:36.443root 11241100x8000000000000000655845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740ce0b5e14a5cec2021-12-21 12:21:36.443root 11241100x8000000000000000655846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c60df6709b2347b2021-12-21 12:21:36.443root 11241100x8000000000000000655847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca070f47158288c2021-12-21 12:21:36.443root 11241100x8000000000000000655848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a3eb82b1bc6a5f2021-12-21 12:21:36.443root 11241100x8000000000000000655849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98b1f7d0971e7372021-12-21 12:21:36.943root 11241100x8000000000000000655850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7d9226521378fb2021-12-21 12:21:36.943root 11241100x8000000000000000655851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6288855fac0836cd2021-12-21 12:21:36.943root 11241100x8000000000000000655852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a73f4b7e7f07a902021-12-21 12:21:36.943root 11241100x8000000000000000655853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4933a2ae69385f3b2021-12-21 12:21:36.943root 354300x8000000000000000655854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.055{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49874-false10.0.1.12-8000- 11241100x8000000000000000655855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8a28dc9bc220032021-12-21 12:21:37.443root 11241100x8000000000000000655856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294022f3b92aa9ae2021-12-21 12:21:37.443root 11241100x8000000000000000655857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f292cddb34b1b2c82021-12-21 12:21:37.443root 11241100x8000000000000000655858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714c50cb327397bf2021-12-21 12:21:37.443root 11241100x8000000000000000655859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0911504601360b2021-12-21 12:21:37.443root 11241100x8000000000000000655860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8770959c38424ad2021-12-21 12:21:37.443root 11241100x8000000000000000655861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d01713b1c4e35e2021-12-21 12:21:37.943root 11241100x8000000000000000655862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871c45be059b72882021-12-21 12:21:37.943root 11241100x8000000000000000655863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fb870b1eaed9132021-12-21 12:21:37.943root 11241100x8000000000000000655864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776ec49af2c8fad22021-12-21 12:21:37.943root 11241100x8000000000000000655865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c3c1bc478013442021-12-21 12:21:37.943root 11241100x8000000000000000655866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10db50fbf171fdd22021-12-21 12:21:37.943root 11241100x8000000000000000655867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d453f2c401cbfc2a2021-12-21 12:21:38.443root 11241100x8000000000000000655868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f826094be78a832021-12-21 12:21:38.443root 11241100x8000000000000000655869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08741949f2c0389b2021-12-21 12:21:38.443root 11241100x8000000000000000655870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd074d37905c94e2021-12-21 12:21:38.443root 11241100x8000000000000000655871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbaa22b14b2ec7342021-12-21 12:21:38.443root 11241100x8000000000000000655872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fc8d9ac77595892021-12-21 12:21:38.443root 11241100x8000000000000000655873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627ea7e170e9edb62021-12-21 12:21:38.943root 11241100x8000000000000000655874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f4c7d59e1ce6762021-12-21 12:21:38.943root 11241100x8000000000000000655875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0671789133f6572021-12-21 12:21:38.943root 11241100x8000000000000000655876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089a2b81bbb7d22c2021-12-21 12:21:38.943root 11241100x8000000000000000655877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954d1cb435071a092021-12-21 12:21:38.943root 11241100x8000000000000000655878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acacd1e6162445dc2021-12-21 12:21:38.943root 23542300x8000000000000000655879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.051{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000655880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1434171db92993952021-12-21 12:21:39.443root 11241100x8000000000000000655881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bc3c07d3318a3a2021-12-21 12:21:39.443root 11241100x8000000000000000655882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafa36dfa842b8f92021-12-21 12:21:39.443root 11241100x8000000000000000655883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aaea3aafe94d6ea2021-12-21 12:21:39.443root 11241100x8000000000000000655884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a62bbfe1f209ba42021-12-21 12:21:39.443root 11241100x8000000000000000655885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6edd3beb5fb7e532021-12-21 12:21:39.443root 11241100x8000000000000000655886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409b5c086f31e5772021-12-21 12:21:39.443root 11241100x8000000000000000655887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e246e0223a9d82632021-12-21 12:21:39.943root 11241100x8000000000000000655888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6ff8076e334ca82021-12-21 12:21:39.943root 11241100x8000000000000000655889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c889e7252eea6d212021-12-21 12:21:39.943root 11241100x8000000000000000655890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4183153a5eaf6f2021-12-21 12:21:39.943root 11241100x8000000000000000655891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627f1973fb5768d82021-12-21 12:21:39.943root 11241100x8000000000000000655892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fc1ee2aa1e683a2021-12-21 12:21:39.943root 11241100x8000000000000000655893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba4df23655478542021-12-21 12:21:39.943root 11241100x8000000000000000655894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302c0efafbb26c3f2021-12-21 12:21:40.443root 11241100x8000000000000000655895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da936f93548269d12021-12-21 12:21:40.443root 11241100x8000000000000000655896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f77a5687efc0d1f2021-12-21 12:21:40.443root 11241100x8000000000000000655897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522ed9bdbda1a2b92021-12-21 12:21:40.443root 11241100x8000000000000000655898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4529110ed98412e52021-12-21 12:21:40.443root 11241100x8000000000000000655899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2756bb42994c65ed2021-12-21 12:21:40.443root 11241100x8000000000000000655900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf82944c83fd4ac2021-12-21 12:21:40.443root 11241100x8000000000000000655901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd63cc67b57ed2c72021-12-21 12:21:40.943root 11241100x8000000000000000655902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d19a41ae42b9c1c2021-12-21 12:21:40.943root 11241100x8000000000000000655903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb4837f69a8de282021-12-21 12:21:40.943root 11241100x8000000000000000655904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67100d50cbb38e9f2021-12-21 12:21:40.943root 11241100x8000000000000000655905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e4b625253ee4cb2021-12-21 12:21:40.943root 11241100x8000000000000000655906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8b6767c93db1c82021-12-21 12:21:40.943root 11241100x8000000000000000655907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8bada7a04f202d2021-12-21 12:21:40.943root 11241100x8000000000000000655908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d8a4d7e76c6fff2021-12-21 12:21:41.443root 11241100x8000000000000000655909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48678a610fa386502021-12-21 12:21:41.443root 11241100x8000000000000000655910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1f6a3d6c6979532021-12-21 12:21:41.443root 11241100x8000000000000000655911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e17d8ac51ba4772021-12-21 12:21:41.443root 11241100x8000000000000000655912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4b51615e33f5aa2021-12-21 12:21:41.443root 11241100x8000000000000000655913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98164729288e0e72021-12-21 12:21:41.443root 11241100x8000000000000000655914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6091f90323d6d9512021-12-21 12:21:41.443root 11241100x8000000000000000655915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af68eca7fcbcd8ee2021-12-21 12:21:41.943root 11241100x8000000000000000655916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942d6a4b744e3b672021-12-21 12:21:41.943root 11241100x8000000000000000655917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8180bcaf1a102d202021-12-21 12:21:41.943root 11241100x8000000000000000655918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f8311a63243e3f2021-12-21 12:21:41.943root 11241100x8000000000000000655919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfd54a82fc90eff2021-12-21 12:21:41.943root 11241100x8000000000000000655920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67931281d344e1d32021-12-21 12:21:41.943root 11241100x8000000000000000655921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a6af2f38d444392021-12-21 12:21:41.943root 354300x8000000000000000655922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.073{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49876-false10.0.1.12-8000- 11241100x8000000000000000655923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc6b8bb10a503ff2021-12-21 12:21:42.443root 11241100x8000000000000000655924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea87b187c374aea12021-12-21 12:21:42.443root 11241100x8000000000000000655925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c32e1ab943c3bff2021-12-21 12:21:42.443root 11241100x8000000000000000655926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182231870b287ee22021-12-21 12:21:42.443root 11241100x8000000000000000655927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d508161c66d6470c2021-12-21 12:21:42.444root 11241100x8000000000000000655928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4888f065e5d3182021-12-21 12:21:42.444root 11241100x8000000000000000655929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08524f784738b7762021-12-21 12:21:42.444root 11241100x8000000000000000655930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e2c494c6aa5c292021-12-21 12:21:42.444root 11241100x8000000000000000655931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf47e41238825f02021-12-21 12:21:42.943root 11241100x8000000000000000655932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d8bfe652eae92a2021-12-21 12:21:42.943root 11241100x8000000000000000655933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227631791197a1a52021-12-21 12:21:42.943root 11241100x8000000000000000655934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec701f46dddccd52021-12-21 12:21:42.943root 11241100x8000000000000000655935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cdace8060ddb502021-12-21 12:21:42.943root 11241100x8000000000000000655936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f688327ff5eb17b2021-12-21 12:21:42.943root 11241100x8000000000000000655937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c889c5896be15a562021-12-21 12:21:42.943root 11241100x8000000000000000655938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0407ea50717f70ba2021-12-21 12:21:42.943root 11241100x8000000000000000655939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d763e17011feddb42021-12-21 12:21:43.443root 11241100x8000000000000000655940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c811ee1f25caa93a2021-12-21 12:21:43.443root 11241100x8000000000000000655941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4068bbaa27f037022021-12-21 12:21:43.443root 11241100x8000000000000000655942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b676bbeb99dc922021-12-21 12:21:43.444root 11241100x8000000000000000655943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7956dc3bf80b7c12021-12-21 12:21:43.444root 11241100x8000000000000000655944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06642704cc0992ca2021-12-21 12:21:43.445root 11241100x8000000000000000655945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c4d40b1f01211d2021-12-21 12:21:43.446root 11241100x8000000000000000655946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896782499ccf7f842021-12-21 12:21:43.446root 11241100x8000000000000000655947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b10d3de701c5c572021-12-21 12:21:43.943root 11241100x8000000000000000655948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ecc846aa3ef3562021-12-21 12:21:43.943root 11241100x8000000000000000655949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fe9da4bd34f4b42021-12-21 12:21:43.943root 11241100x8000000000000000655950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb80d821c9b46722021-12-21 12:21:43.943root 11241100x8000000000000000655951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6978ea8f40ac4e2e2021-12-21 12:21:43.943root 11241100x8000000000000000655952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c78067e73f8af02021-12-21 12:21:43.943root 11241100x8000000000000000655953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6e2a3f0ee12d8f2021-12-21 12:21:43.943root 11241100x8000000000000000655954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b5e89c192ed76b2021-12-21 12:21:43.943root 11241100x8000000000000000655955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f9fd2f5cd789492021-12-21 12:21:44.443root 11241100x8000000000000000655956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63a3bdd183b83c82021-12-21 12:21:44.443root 11241100x8000000000000000655957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b850d35652e9fd32021-12-21 12:21:44.443root 11241100x8000000000000000655958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410ef6d2fe69780e2021-12-21 12:21:44.444root 11241100x8000000000000000655959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4a3215d01e2d2b2021-12-21 12:21:44.444root 11241100x8000000000000000655960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66a92a7d8ddc4312021-12-21 12:21:44.444root 11241100x8000000000000000655961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20eaf7a66fd63ee2021-12-21 12:21:44.445root 11241100x8000000000000000655962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02fce3b1df68af52021-12-21 12:21:44.445root 11241100x8000000000000000655963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd77df28bc8de8b2021-12-21 12:21:44.943root 11241100x8000000000000000655964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db477406c9fe10932021-12-21 12:21:44.943root 11241100x8000000000000000655965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be68b9d35fe9c692021-12-21 12:21:44.943root 11241100x8000000000000000655966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076ec1a5ff4e68b52021-12-21 12:21:44.943root 11241100x8000000000000000655967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3116f337527dfcb82021-12-21 12:21:44.943root 11241100x8000000000000000655968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acdf671acfb3d8d2021-12-21 12:21:44.943root 11241100x8000000000000000655969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b87a2e85dc74cc2021-12-21 12:21:44.943root 11241100x8000000000000000655970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e9b2c1e175d99a2021-12-21 12:21:44.944root 11241100x8000000000000000655971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458ab2182a3fcb0c2021-12-21 12:21:45.443root 11241100x8000000000000000655972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cdfe73e67100612021-12-21 12:21:45.443root 11241100x8000000000000000655973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7daa5617f1f6102021-12-21 12:21:45.443root 11241100x8000000000000000655974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92af2f794a9bfb512021-12-21 12:21:45.443root 11241100x8000000000000000655975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135e1d0225f870a32021-12-21 12:21:45.443root 11241100x8000000000000000655976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ba7ae1c4e958c72021-12-21 12:21:45.443root 11241100x8000000000000000655977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e8b339c4a9241a2021-12-21 12:21:45.444root 11241100x8000000000000000655978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1a4fcfc0b2c6f42021-12-21 12:21:45.444root 11241100x8000000000000000655979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f49afa2169e1d4a2021-12-21 12:21:45.942root 11241100x8000000000000000655980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58ee5d8f96bd8d32021-12-21 12:21:45.943root 11241100x8000000000000000655981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f91e9499a6f1f72021-12-21 12:21:45.943root 11241100x8000000000000000655982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5919d1e21e498cba2021-12-21 12:21:45.943root 11241100x8000000000000000655983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e788011effa18c2021-12-21 12:21:45.943root 11241100x8000000000000000655984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66caecc2ca129d852021-12-21 12:21:45.943root 11241100x8000000000000000655985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfc7c1dbb9e036a2021-12-21 12:21:45.943root 11241100x8000000000000000655986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93f257bf8ef4c742021-12-21 12:21:45.944root 11241100x8000000000000000655987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815df9aa94cf133a2021-12-21 12:21:46.443root 11241100x8000000000000000655988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1d8e5fb4ed96a32021-12-21 12:21:46.443root 11241100x8000000000000000655989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719eb1ae26aea73f2021-12-21 12:21:46.443root 11241100x8000000000000000655990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659709c5bc8a65512021-12-21 12:21:46.444root 11241100x8000000000000000655991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa07afe8315ac6b42021-12-21 12:21:46.444root 11241100x8000000000000000655992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918305f28219a0c72021-12-21 12:21:46.444root 11241100x8000000000000000655993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2df7f99c3854cd2021-12-21 12:21:46.444root 11241100x8000000000000000655994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5234ecb61c7f68312021-12-21 12:21:46.444root 11241100x8000000000000000655995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118d8637ddd4411a2021-12-21 12:21:46.943root 11241100x8000000000000000655996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ede892eed7411992021-12-21 12:21:46.943root 11241100x8000000000000000655997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb77cf02d65141412021-12-21 12:21:46.943root 11241100x8000000000000000655998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfce9d03059a6812021-12-21 12:21:46.943root 11241100x8000000000000000655999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a68694e28f42ea2021-12-21 12:21:46.943root 11241100x8000000000000000656000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4183e3f0f9e02a012021-12-21 12:21:46.944root 11241100x8000000000000000656001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075822b83872baa72021-12-21 12:21:46.944root 11241100x8000000000000000656002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f281459bdfd2fee2021-12-21 12:21:46.944root 354300x8000000000000000656003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.256{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49878-false10.0.1.12-8000- 11241100x8000000000000000656004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ff6c8cbb7939592021-12-21 12:21:47.257root 11241100x8000000000000000656005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9a8f72d523ab262021-12-21 12:21:47.257root 11241100x8000000000000000656006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f2755818c799622021-12-21 12:21:47.257root 11241100x8000000000000000656007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1997a2468736d7382021-12-21 12:21:47.257root 11241100x8000000000000000656008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754bbd6177de2fea2021-12-21 12:21:47.257root 11241100x8000000000000000656009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc4799903731c552021-12-21 12:21:47.257root 11241100x8000000000000000656010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44720d551bea9e652021-12-21 12:21:47.257root 11241100x8000000000000000656011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d9c20a9c3b9ed02021-12-21 12:21:47.257root 11241100x8000000000000000656012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a42a97ab4cf77ce2021-12-21 12:21:47.258root 11241100x8000000000000000656013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad812f9c7a560072021-12-21 12:21:47.693root 11241100x8000000000000000656014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc5d750562c24382021-12-21 12:21:47.693root 11241100x8000000000000000656015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f522795b48b273a2021-12-21 12:21:47.693root 11241100x8000000000000000656016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7947691c6c0a3ead2021-12-21 12:21:47.693root 11241100x8000000000000000656017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2395346b07c35222021-12-21 12:21:47.693root 11241100x8000000000000000656018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0689374788e509d52021-12-21 12:21:47.693root 11241100x8000000000000000656019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6758c34f4a15292021-12-21 12:21:47.693root 11241100x8000000000000000656020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115ad827183d1ec72021-12-21 12:21:47.693root 11241100x8000000000000000656021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c7ecd0c2e77c992021-12-21 12:21:47.693root 11241100x8000000000000000656022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a94e2a701fdd182021-12-21 12:21:48.193root 11241100x8000000000000000656023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccddd3db766ac472021-12-21 12:21:48.193root 11241100x8000000000000000656024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2225d03f50afaf042021-12-21 12:21:48.193root 11241100x8000000000000000656025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bc0cf3e504f17f2021-12-21 12:21:48.193root 11241100x8000000000000000656026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a012808b2bfb0b22021-12-21 12:21:48.193root 11241100x8000000000000000656027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b471c5c4cc0cab2021-12-21 12:21:48.193root 11241100x8000000000000000656028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78c71ade725e5fd2021-12-21 12:21:48.193root 11241100x8000000000000000656029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70e5861b9aa0c122021-12-21 12:21:48.193root 11241100x8000000000000000656030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c3fc896369f8562021-12-21 12:21:48.193root 11241100x8000000000000000656031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a388bb5ece0a619a2021-12-21 12:21:48.693root 11241100x8000000000000000656032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8186da05a497104c2021-12-21 12:21:48.693root 11241100x8000000000000000656033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b75500dd1bd7f3f2021-12-21 12:21:48.693root 11241100x8000000000000000656034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00ef3756216e4a62021-12-21 12:21:48.693root 11241100x8000000000000000656035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d70494f26576f02021-12-21 12:21:48.693root 11241100x8000000000000000656036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31821440c34bcba2021-12-21 12:21:48.693root 11241100x8000000000000000656037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1adbefedc287662021-12-21 12:21:48.693root 11241100x8000000000000000656038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499ee6fc3962df082021-12-21 12:21:48.693root 11241100x8000000000000000656039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a12c2481b7d07892021-12-21 12:21:48.693root 11241100x8000000000000000656040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818021cbdbf8d4902021-12-21 12:21:49.193root 11241100x8000000000000000656041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadad0b78ef2725d2021-12-21 12:21:49.193root 11241100x8000000000000000656042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea5c0a963b7b4a52021-12-21 12:21:49.193root 11241100x8000000000000000656043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a06568c4c598d22021-12-21 12:21:49.193root 11241100x8000000000000000656044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f094e70bc17453ba2021-12-21 12:21:49.193root 11241100x8000000000000000656045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5d8d566f5d0c072021-12-21 12:21:49.193root 11241100x8000000000000000656046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d1573b3c0d0eec2021-12-21 12:21:49.193root 11241100x8000000000000000656047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3411ca8fd0fce172021-12-21 12:21:49.193root 11241100x8000000000000000656048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2315d107a1ecb7ff2021-12-21 12:21:49.194root 11241100x8000000000000000656049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006e2cd5cf6c00002021-12-21 12:21:49.693root 11241100x8000000000000000656050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac7ad4a5786b2962021-12-21 12:21:49.693root 11241100x8000000000000000656051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165cfa595ec547f72021-12-21 12:21:49.693root 11241100x8000000000000000656052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184ead4360b2f70e2021-12-21 12:21:49.693root 11241100x8000000000000000656053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf26781f1e4571262021-12-21 12:21:49.693root 11241100x8000000000000000656054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc11d2db8f9ee5a2021-12-21 12:21:49.693root 11241100x8000000000000000656055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa88d4389186cc12021-12-21 12:21:49.693root 11241100x8000000000000000656056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663fe09dedfc28342021-12-21 12:21:49.694root 11241100x8000000000000000656057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd73fcd1c1a8c882021-12-21 12:21:49.694root 11241100x8000000000000000656058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caae0bc41e60efdb2021-12-21 12:21:50.193root 11241100x8000000000000000656059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e29233e9d985f72021-12-21 12:21:50.193root 11241100x8000000000000000656060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1b20e87ab28b6a2021-12-21 12:21:50.193root 11241100x8000000000000000656061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b1646ef26b9b252021-12-21 12:21:50.193root 11241100x8000000000000000656062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120e08362dcedf3c2021-12-21 12:21:50.193root 11241100x8000000000000000656063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03cf2e2449146e02021-12-21 12:21:50.193root 11241100x8000000000000000656064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc921a6d12689762021-12-21 12:21:50.194root 11241100x8000000000000000656065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ce00d1ad07ca682021-12-21 12:21:50.194root 11241100x8000000000000000656066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac988a57bb3111c2021-12-21 12:21:50.194root 11241100x8000000000000000656067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5893096717cd9d2021-12-21 12:21:50.693root 11241100x8000000000000000656068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b8193df62a48672021-12-21 12:21:50.693root 11241100x8000000000000000656069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fe136840397cb32021-12-21 12:21:50.693root 11241100x8000000000000000656070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9b96042fdf731e2021-12-21 12:21:50.693root 11241100x8000000000000000656071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f0cc4d1f5f8f7b2021-12-21 12:21:50.693root 11241100x8000000000000000656072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecaab0fe0a4e0eae2021-12-21 12:21:50.693root 11241100x8000000000000000656073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9794701e3de56852021-12-21 12:21:50.693root 11241100x8000000000000000656074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571b7eef67f342e82021-12-21 12:21:50.693root 11241100x8000000000000000656075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5133351c7c76ec6d2021-12-21 12:21:50.693root 11241100x8000000000000000656076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72063f8bd6fd9ce52021-12-21 12:21:51.193root 11241100x8000000000000000656077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e5081ef87aef9c2021-12-21 12:21:51.193root 11241100x8000000000000000656078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245479ff60930a6e2021-12-21 12:21:51.193root 11241100x8000000000000000656079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09fefedb30f94df2021-12-21 12:21:51.193root 11241100x8000000000000000656080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564e16767aef80182021-12-21 12:21:51.193root 11241100x8000000000000000656081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c42c3434957fd92021-12-21 12:21:51.193root 11241100x8000000000000000656082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaf810cb08e7a892021-12-21 12:21:51.193root 11241100x8000000000000000656083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689a82ab038258aa2021-12-21 12:21:51.193root 11241100x8000000000000000656084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a0fa71f3423cee2021-12-21 12:21:51.194root 11241100x8000000000000000656085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711ae5f0462ee6552021-12-21 12:21:51.693root 11241100x8000000000000000656086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6600461c60a001ab2021-12-21 12:21:51.693root 11241100x8000000000000000656087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e5ec7354a5fbd52021-12-21 12:21:51.693root 11241100x8000000000000000656088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc432dc3cc224572021-12-21 12:21:51.693root 11241100x8000000000000000656089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53f65ced09928092021-12-21 12:21:51.693root 11241100x8000000000000000656090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cc55b536028fd92021-12-21 12:21:51.694root 11241100x8000000000000000656091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b9e19542466be12021-12-21 12:21:51.694root 11241100x8000000000000000656092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bf45eba14439872021-12-21 12:21:51.694root 11241100x8000000000000000656093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf77b5c593e72ae2021-12-21 12:21:51.694root 11241100x8000000000000000656094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5602dc8c55c6484f2021-12-21 12:21:52.193root 11241100x8000000000000000656095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373714558ed6e0ab2021-12-21 12:21:52.193root 11241100x8000000000000000656096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1befcffdfa1b23bd2021-12-21 12:21:52.193root 11241100x8000000000000000656097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d984badb09d312b2021-12-21 12:21:52.193root 11241100x8000000000000000656098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb574b9d87270032021-12-21 12:21:52.193root 11241100x8000000000000000656099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff6a3eafa81b5ea2021-12-21 12:21:52.193root 11241100x8000000000000000656100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cb5483b31b43032021-12-21 12:21:52.193root 11241100x8000000000000000656101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d827d6b482be6e8e2021-12-21 12:21:52.193root 11241100x8000000000000000656102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761f7bd77a882aa02021-12-21 12:21:52.194root 11241100x8000000000000000656103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0667246888f02e432021-12-21 12:21:52.693root 11241100x8000000000000000656104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3580475e07303782021-12-21 12:21:52.693root 11241100x8000000000000000656105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5ca74e835d894d2021-12-21 12:21:52.693root 11241100x8000000000000000656106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5234f8d190a00e512021-12-21 12:21:52.693root 11241100x8000000000000000656107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ed43149af38ba82021-12-21 12:21:52.693root 11241100x8000000000000000656108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bbaea608702cdc2021-12-21 12:21:52.693root 11241100x8000000000000000656109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d48e8b9c38f8df2021-12-21 12:21:52.693root 11241100x8000000000000000656110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289bbfbf2baf28dc2021-12-21 12:21:52.693root 11241100x8000000000000000656111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45faa1ff1d2b30d2021-12-21 12:21:52.693root 354300x8000000000000000656112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.047{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49880-false10.0.1.12-8000- 11241100x8000000000000000656113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd21f3fa543929f2021-12-21 12:21:53.048root 11241100x8000000000000000656114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c6e716bad2db4e2021-12-21 12:21:53.048root 11241100x8000000000000000656115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3562f134f4c479312021-12-21 12:21:53.048root 11241100x8000000000000000656116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fb1ee999f0bc912021-12-21 12:21:53.048root 11241100x8000000000000000656117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5adcf0c900f05e72021-12-21 12:21:53.049root 11241100x8000000000000000656118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d105a1b34b5188152021-12-21 12:21:53.049root 11241100x8000000000000000656119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020c5d808c0e43082021-12-21 12:21:53.049root 11241100x8000000000000000656120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc69f8640419f8f2021-12-21 12:21:53.049root 11241100x8000000000000000656121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438205356b5d9d2a2021-12-21 12:21:53.049root 11241100x8000000000000000656122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720f8c384a6a3a5f2021-12-21 12:21:53.049root 11241100x8000000000000000656123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90b89348cc454a12021-12-21 12:21:53.443root 11241100x8000000000000000656124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfc8fdad84b0e502021-12-21 12:21:53.443root 11241100x8000000000000000656125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fec73f97454c952021-12-21 12:21:53.443root 11241100x8000000000000000656126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa643e0838abf6bd2021-12-21 12:21:53.443root 11241100x8000000000000000656127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d821d2b2d7279932021-12-21 12:21:53.443root 11241100x8000000000000000656128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bcdebd0d1d9c022021-12-21 12:21:53.443root 11241100x8000000000000000656129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef3c776f2d5f15b2021-12-21 12:21:53.443root 11241100x8000000000000000656130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfeacae7ee02cdc2021-12-21 12:21:53.443root 11241100x8000000000000000656131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9657e35c205361852021-12-21 12:21:53.443root 11241100x8000000000000000656132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc537ab111033252021-12-21 12:21:53.444root 11241100x8000000000000000656133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a185ac1ea9ca1a2021-12-21 12:21:53.943root 11241100x8000000000000000656134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be883f444b25283d2021-12-21 12:21:53.943root 11241100x8000000000000000656135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cf9378ca65bc072021-12-21 12:21:53.943root 11241100x8000000000000000656136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f002b8fedaedd02021-12-21 12:21:53.943root 11241100x8000000000000000656137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91d42805ff76a692021-12-21 12:21:53.943root 11241100x8000000000000000656138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18e514ff68ae3ce2021-12-21 12:21:53.943root 11241100x8000000000000000656139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7c790163cae1942021-12-21 12:21:53.944root 11241100x8000000000000000656140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa126afc93421d5d2021-12-21 12:21:53.944root 11241100x8000000000000000656141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8cdf86fe4239cc2021-12-21 12:21:53.944root 11241100x8000000000000000656142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768e768e9090dfd22021-12-21 12:21:53.944root 11241100x8000000000000000656143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc19de166ccdab32021-12-21 12:21:54.443root 11241100x8000000000000000656144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b471743f2c245462021-12-21 12:21:54.443root 11241100x8000000000000000656145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5918b72349e5b9342021-12-21 12:21:54.443root 11241100x8000000000000000656146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae42b751a708bdee2021-12-21 12:21:54.443root 11241100x8000000000000000656147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515b781fe40895472021-12-21 12:21:54.443root 11241100x8000000000000000656148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b2fc24e804ddcc2021-12-21 12:21:54.443root 11241100x8000000000000000656149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b208844b1e1db2852021-12-21 12:21:54.443root 11241100x8000000000000000656150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c888611e692747842021-12-21 12:21:54.443root 11241100x8000000000000000656151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3413012e4f4923722021-12-21 12:21:54.443root 11241100x8000000000000000656152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8862226f6733012021-12-21 12:21:54.443root 11241100x8000000000000000656153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92bba192eae16d12021-12-21 12:21:54.943root 11241100x8000000000000000656154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9177297f649398f72021-12-21 12:21:54.943root 11241100x8000000000000000656155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8d0b7cab659f0f2021-12-21 12:21:54.943root 11241100x8000000000000000656156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffead65eb7d70552021-12-21 12:21:54.943root 11241100x8000000000000000656157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23771a147ca969b2021-12-21 12:21:54.943root 11241100x8000000000000000656158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31be812d6a404cc12021-12-21 12:21:54.943root 11241100x8000000000000000656159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dfc177aedc40ca2021-12-21 12:21:54.943root 11241100x8000000000000000656160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b47acf78d38d62d2021-12-21 12:21:54.943root 11241100x8000000000000000656161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02acaa44ac7534a2021-12-21 12:21:54.943root 11241100x8000000000000000656162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9d00585b2a66102021-12-21 12:21:54.944root 11241100x8000000000000000656163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277c239dc51e28a52021-12-21 12:21:55.443root 11241100x8000000000000000656164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be89a710ba735f002021-12-21 12:21:55.443root 11241100x8000000000000000656165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c5a0be8d673eca2021-12-21 12:21:55.443root 11241100x8000000000000000656166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cbdbb28faa275d2021-12-21 12:21:55.443root 11241100x8000000000000000656167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a935a2921e8b1de72021-12-21 12:21:55.443root 11241100x8000000000000000656168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aad5e7579538ead2021-12-21 12:21:55.443root 11241100x8000000000000000656169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d885441b56c5ca2021-12-21 12:21:55.443root 11241100x8000000000000000656170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ebe6ca7650c76f2021-12-21 12:21:55.443root 11241100x8000000000000000656171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad88829c7a0ffc72021-12-21 12:21:55.443root 11241100x8000000000000000656172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adc91b1b9abd31a2021-12-21 12:21:55.443root 11241100x8000000000000000656173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ec9808272ee7bb2021-12-21 12:21:55.943root 11241100x8000000000000000656174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cdc08ddb67c1792021-12-21 12:21:55.943root 11241100x8000000000000000656175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1bc3a979b280ae2021-12-21 12:21:55.943root 11241100x8000000000000000656176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a80d2036ecd9422021-12-21 12:21:55.943root 11241100x8000000000000000656177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c5baa6bd7460052021-12-21 12:21:55.943root 11241100x8000000000000000656178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc77c74bd8b4875b2021-12-21 12:21:55.943root 11241100x8000000000000000656179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c9de170ac9e29e2021-12-21 12:21:55.943root 11241100x8000000000000000656180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157f79aed3822e9c2021-12-21 12:21:55.943root 11241100x8000000000000000656181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df76a7e71119cd3e2021-12-21 12:21:55.944root 11241100x8000000000000000656182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22f7a0dde67a55d2021-12-21 12:21:55.944root 11241100x8000000000000000656183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421f654cbc8cf7a92021-12-21 12:21:56.443root 11241100x8000000000000000656184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9de0d4fd985a8a42021-12-21 12:21:56.443root 11241100x8000000000000000656185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04af1c3b1d4dc1e22021-12-21 12:21:56.443root 11241100x8000000000000000656186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ddb3cf8fc9077e2021-12-21 12:21:56.443root 11241100x8000000000000000656187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0958cf5d463fa22021-12-21 12:21:56.443root 11241100x8000000000000000656188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4764f99a10b0342021-12-21 12:21:56.443root 11241100x8000000000000000656189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82718e40ee080822021-12-21 12:21:56.443root 11241100x8000000000000000656190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14402005e3d8fefe2021-12-21 12:21:56.443root 11241100x8000000000000000656191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc95a33b2033fe422021-12-21 12:21:56.443root 11241100x8000000000000000656192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65d873d88d222ab2021-12-21 12:21:56.443root 11241100x8000000000000000656193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ed010647674e042021-12-21 12:21:56.943root 11241100x8000000000000000656194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0aa00d618acf2d12021-12-21 12:21:56.943root 11241100x8000000000000000656195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf82dd4057b69bac2021-12-21 12:21:56.943root 11241100x8000000000000000656196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38129865ed32d94e2021-12-21 12:21:56.943root 11241100x8000000000000000656197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace1b5878ae6117d2021-12-21 12:21:56.943root 11241100x8000000000000000656198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554e44ab40e5c6262021-12-21 12:21:56.943root 11241100x8000000000000000656199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29532d4f070670f02021-12-21 12:21:56.943root 11241100x8000000000000000656200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6382431595076112021-12-21 12:21:56.944root 11241100x8000000000000000656201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bc4f778e3ecc742021-12-21 12:21:56.944root 11241100x8000000000000000656202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd9cd462560021b2021-12-21 12:21:56.944root 11241100x8000000000000000656203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5899a2d49496332021-12-21 12:21:57.443root 11241100x8000000000000000656204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ee8f77bca34d162021-12-21 12:21:57.443root 11241100x8000000000000000656205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814ba32d361d5e5c2021-12-21 12:21:57.443root 11241100x8000000000000000656206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c80a227662afac2021-12-21 12:21:57.443root 11241100x8000000000000000656207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc80f17ede518592021-12-21 12:21:57.443root 11241100x8000000000000000656208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9168d2cac3d3b6322021-12-21 12:21:57.443root 11241100x8000000000000000656209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efbc2e084d5cfd22021-12-21 12:21:57.443root 11241100x8000000000000000656210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183ea29fa6cfcc5c2021-12-21 12:21:57.443root 11241100x8000000000000000656211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905018eacda6807b2021-12-21 12:21:57.444root 11241100x8000000000000000656212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2be0d9027d3def82021-12-21 12:21:57.444root 11241100x8000000000000000656213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18c7d78528e80562021-12-21 12:21:57.943root 11241100x8000000000000000656214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b171b029a1a78a42021-12-21 12:21:57.943root 11241100x8000000000000000656215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3bdc0448608fcc2021-12-21 12:21:57.943root 11241100x8000000000000000656216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfda7ace1ea7b50e2021-12-21 12:21:57.943root 11241100x8000000000000000656217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11c64cd78b1a8812021-12-21 12:21:57.943root 11241100x8000000000000000656218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f35dcd4641ca6032021-12-21 12:21:57.943root 11241100x8000000000000000656219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f852441a5d65012021-12-21 12:21:57.943root 11241100x8000000000000000656220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a061a8a340c30ac2021-12-21 12:21:57.943root 11241100x8000000000000000656221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde1d9ad61cfad162021-12-21 12:21:57.943root 11241100x8000000000000000656222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9318e7d4bc2697892021-12-21 12:21:57.944root 354300x8000000000000000656223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.213{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49882-false10.0.1.12-8000- 11241100x8000000000000000656224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6cbdd22f76a7bb2021-12-21 12:21:58.215root 11241100x8000000000000000656225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb3ea7dc7f9f4022021-12-21 12:21:58.215root 11241100x8000000000000000656226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615f9b8080fd7e6f2021-12-21 12:21:58.215root 11241100x8000000000000000656227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de84ef0ff37d1a32021-12-21 12:21:58.215root 11241100x8000000000000000656228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f6ee0a1c9b0e562021-12-21 12:21:58.215root 11241100x8000000000000000656229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab11aa9647b6f542021-12-21 12:21:58.215root 11241100x8000000000000000656230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2d005fc16c7db82021-12-21 12:21:58.215root 11241100x8000000000000000656231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eaa9a0d1e2016f52021-12-21 12:21:58.215root 11241100x8000000000000000656232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed7417657018f682021-12-21 12:21:58.215root 11241100x8000000000000000656233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8ed9d77d7630632021-12-21 12:21:58.215root 11241100x8000000000000000656234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cb413f19da7eae2021-12-21 12:21:58.215root 11241100x8000000000000000656235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d129fd6d1f258d72021-12-21 12:21:58.693root 11241100x8000000000000000656236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029e67b9a07052d62021-12-21 12:21:58.693root 11241100x8000000000000000656237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992796b7cfb4ac012021-12-21 12:21:58.693root 11241100x8000000000000000656238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4e7cd706d09e1f2021-12-21 12:21:58.693root 11241100x8000000000000000656239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794b9b821327d53a2021-12-21 12:21:58.693root 11241100x8000000000000000656240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32424c448019479a2021-12-21 12:21:58.693root 11241100x8000000000000000656241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e13b9a2e7648a662021-12-21 12:21:58.693root 11241100x8000000000000000656242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b240adde6acfd4b32021-12-21 12:21:58.693root 11241100x8000000000000000656243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb0c5fb5cd6188a2021-12-21 12:21:58.693root 11241100x8000000000000000656244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f84d48b0e90a4c2021-12-21 12:21:58.694root 11241100x8000000000000000656245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a68fc90dde86cc2021-12-21 12:21:58.694root 11241100x8000000000000000656246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc05d3058720b4c2021-12-21 12:21:59.193root 11241100x8000000000000000656247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef0ee9aad5483ea2021-12-21 12:21:59.193root 11241100x8000000000000000656248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f27ca6e3787f4cd2021-12-21 12:21:59.193root 11241100x8000000000000000656249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd3753da9e073b52021-12-21 12:21:59.193root 11241100x8000000000000000656250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3242b2bb948d692a2021-12-21 12:21:59.193root 11241100x8000000000000000656251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f1afc1b7e9398c2021-12-21 12:21:59.193root 11241100x8000000000000000656252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c7ab523a9f46872021-12-21 12:21:59.193root 11241100x8000000000000000656253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48b9ef743de4f412021-12-21 12:21:59.193root 11241100x8000000000000000656254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd19e6e70d0f07192021-12-21 12:21:59.193root 11241100x8000000000000000656255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe16740aae7e07c2021-12-21 12:21:59.193root 11241100x8000000000000000656256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26def65ac4d95ff2021-12-21 12:21:59.193root 11241100x8000000000000000656257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120b7b9c4d706e152021-12-21 12:21:59.693root 11241100x8000000000000000656258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58163b23ab51fe722021-12-21 12:21:59.693root 11241100x8000000000000000656259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8b2b1dc0eb889e2021-12-21 12:21:59.693root 11241100x8000000000000000656260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2d13dcf20045e12021-12-21 12:21:59.693root 11241100x8000000000000000656261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06ad68d988c1e2f2021-12-21 12:21:59.693root 11241100x8000000000000000656262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35878473e45e2d122021-12-21 12:21:59.693root 11241100x8000000000000000656263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffec8aa075fd0f752021-12-21 12:21:59.693root 11241100x8000000000000000656264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5bf98aad0f74932021-12-21 12:21:59.693root 11241100x8000000000000000656265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6fcc1d41ee6e442021-12-21 12:21:59.693root 11241100x8000000000000000656266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195b255b8c4086702021-12-21 12:21:59.694root 11241100x8000000000000000656267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:21:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9084e0cf2e40adf2021-12-21 12:21:59.694root 11241100x8000000000000000656268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab235881e0ff307d2021-12-21 12:22:00.193root 11241100x8000000000000000656269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b103588c2da4f92021-12-21 12:22:00.194root 11241100x8000000000000000656270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465a0d2229fd44762021-12-21 12:22:00.194root 11241100x8000000000000000656271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496bcbc08027d9d92021-12-21 12:22:00.194root 11241100x8000000000000000656272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9eb7a081d39d53b2021-12-21 12:22:00.194root 11241100x8000000000000000656273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1d2bb9670b85702021-12-21 12:22:00.194root 11241100x8000000000000000656274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5732c93388b46a92021-12-21 12:22:00.194root 11241100x8000000000000000656275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659301573e37ec362021-12-21 12:22:00.194root 11241100x8000000000000000656276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67a3e4b9c8b34322021-12-21 12:22:00.194root 11241100x8000000000000000656277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801972c6194d3ddf2021-12-21 12:22:00.194root 11241100x8000000000000000656278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f25d4accfff043e2021-12-21 12:22:00.194root 11241100x8000000000000000656279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21b1a7e6c03b29f2021-12-21 12:22:00.693root 11241100x8000000000000000656280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a3efc2b95651e82021-12-21 12:22:00.693root 11241100x8000000000000000656281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fe7af33e9e72832021-12-21 12:22:00.693root 11241100x8000000000000000656282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f5189802d8f6782021-12-21 12:22:00.693root 11241100x8000000000000000656283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa417e6c95fa44182021-12-21 12:22:00.693root 11241100x8000000000000000656284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97f173646fc9ed02021-12-21 12:22:00.693root 11241100x8000000000000000656285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bcaf3d40602b822021-12-21 12:22:00.693root 11241100x8000000000000000656286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a067ce449697fa2021-12-21 12:22:00.693root 11241100x8000000000000000656287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b4f0f3336553d22021-12-21 12:22:00.693root 11241100x8000000000000000656288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7c1ca24ca9b4162021-12-21 12:22:00.694root 11241100x8000000000000000656289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3fd1336cb2f1012021-12-21 12:22:00.694root 11241100x8000000000000000656290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24398a02aece2cf2021-12-21 12:22:01.193root 11241100x8000000000000000656291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10adeae987a419c72021-12-21 12:22:01.193root 11241100x8000000000000000656292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab537f5deba60af62021-12-21 12:22:01.193root 11241100x8000000000000000656293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c79445f17c02212021-12-21 12:22:01.193root 11241100x8000000000000000656294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3795e9a80b9db07d2021-12-21 12:22:01.193root 11241100x8000000000000000656295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012dcc33a3081fc32021-12-21 12:22:01.193root 11241100x8000000000000000656296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72ff2c584bd743f2021-12-21 12:22:01.193root 11241100x8000000000000000656297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2b5a62f93dd3fc2021-12-21 12:22:01.194root 11241100x8000000000000000656298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee5f861ff60e2472021-12-21 12:22:01.194root 11241100x8000000000000000656299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6a5abf92b4bb522021-12-21 12:22:01.194root 11241100x8000000000000000656300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c0a390a419051a2021-12-21 12:22:01.194root 11241100x8000000000000000656301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16052c13ff09b1ae2021-12-21 12:22:01.693root 11241100x8000000000000000656302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc58c98b26c7dbe62021-12-21 12:22:01.693root 11241100x8000000000000000656303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9c39111b2e86392021-12-21 12:22:01.693root 11241100x8000000000000000656304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73685d4a05fd6f62021-12-21 12:22:01.693root 11241100x8000000000000000656305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48128f23413a89c62021-12-21 12:22:01.693root 11241100x8000000000000000656306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6afe75d4df80212021-12-21 12:22:01.693root 11241100x8000000000000000656307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99ebed1c565ac7b2021-12-21 12:22:01.693root 11241100x8000000000000000656308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83682ffd98c5e7fe2021-12-21 12:22:01.693root 11241100x8000000000000000656309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0f2110515ea6842021-12-21 12:22:01.693root 11241100x8000000000000000656310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87e9727142fd3342021-12-21 12:22:01.693root 11241100x8000000000000000656311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82a677a558829872021-12-21 12:22:01.693root 11241100x8000000000000000656312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65c6f61b836c50f2021-12-21 12:22:02.193root 11241100x8000000000000000656313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a47ba50c82b95e72021-12-21 12:22:02.193root 11241100x8000000000000000656314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39726973ed5621612021-12-21 12:22:02.193root 11241100x8000000000000000656315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cde7360b00b5e22021-12-21 12:22:02.193root 11241100x8000000000000000656316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79d961bc798f47c2021-12-21 12:22:02.193root 11241100x8000000000000000656317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b564903bf2c329c12021-12-21 12:22:02.193root 11241100x8000000000000000656318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58218ab21a45fc2c2021-12-21 12:22:02.193root 11241100x8000000000000000656319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ce5a040933f63a2021-12-21 12:22:02.193root 11241100x8000000000000000656320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e349b426a59106152021-12-21 12:22:02.194root 11241100x8000000000000000656321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55a2bd967303f132021-12-21 12:22:02.194root 11241100x8000000000000000656322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a2163b03b894452021-12-21 12:22:02.194root 11241100x8000000000000000656323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4be17c64f2c54522021-12-21 12:22:02.693root 11241100x8000000000000000656324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f53ab90913479b52021-12-21 12:22:02.693root 11241100x8000000000000000656325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def66afdbe9ead732021-12-21 12:22:02.693root 11241100x8000000000000000656326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1234f68c2c85c60d2021-12-21 12:22:02.693root 11241100x8000000000000000656327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb28b2c9000d70c82021-12-21 12:22:02.693root 11241100x8000000000000000656328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2c05bb2dbe8ca42021-12-21 12:22:02.693root 11241100x8000000000000000656329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017bc1e691c5bc002021-12-21 12:22:02.693root 11241100x8000000000000000656330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93df01a90ad830072021-12-21 12:22:02.694root 11241100x8000000000000000656331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e454a86af185fd2021-12-21 12:22:02.694root 11241100x8000000000000000656332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70437591d5c05812021-12-21 12:22:02.694root 11241100x8000000000000000656333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a2d6befe9ec3f22021-12-21 12:22:02.694root 11241100x8000000000000000656334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a5372cafeffcf72021-12-21 12:22:03.193root 11241100x8000000000000000656335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee889fd1eea2192c2021-12-21 12:22:03.193root 11241100x8000000000000000656336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166eacbf1118b1c92021-12-21 12:22:03.193root 11241100x8000000000000000656337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae3d1a5ad5ed43d2021-12-21 12:22:03.194root 11241100x8000000000000000656338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496a2937072372e52021-12-21 12:22:03.194root 11241100x8000000000000000656339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70373aa44fb218182021-12-21 12:22:03.194root 11241100x8000000000000000656340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6490b8a08bc1b562021-12-21 12:22:03.194root 11241100x8000000000000000656341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579c1182b45aeffc2021-12-21 12:22:03.194root 11241100x8000000000000000656342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a02f9c10ff30212021-12-21 12:22:03.194root 11241100x8000000000000000656343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c36571479739ec82021-12-21 12:22:03.195root 11241100x8000000000000000656344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd795cddb983aa42021-12-21 12:22:03.195root 354300x8000000000000000656345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.259{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49884-false10.0.1.12-8000- 11241100x8000000000000000656346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf05a62af846d50c2021-12-21 12:22:03.693root 11241100x8000000000000000656347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f25318ba403bdd02021-12-21 12:22:03.693root 11241100x8000000000000000656348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8a22a375c439022021-12-21 12:22:03.693root 11241100x8000000000000000656349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74497f61464354022021-12-21 12:22:03.694root 11241100x8000000000000000656350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f0e50d453dbaf12021-12-21 12:22:03.694root 11241100x8000000000000000656351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78dfdb37d2f1f1f82021-12-21 12:22:03.694root 11241100x8000000000000000656352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c5ea97b05156702021-12-21 12:22:03.694root 11241100x8000000000000000656353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434af979d8a701f72021-12-21 12:22:03.694root 11241100x8000000000000000656354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a78b632881010222021-12-21 12:22:03.694root 11241100x8000000000000000656355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f876b280e04dae42021-12-21 12:22:03.695root 11241100x8000000000000000656356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f6e6e66df65f7b2021-12-21 12:22:03.695root 11241100x8000000000000000656357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a3191d8d1cca662021-12-21 12:22:03.695root 11241100x8000000000000000656358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685ec6387d4582262021-12-21 12:22:03.695root 11241100x8000000000000000656359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6206bbd0e7cc822021-12-21 12:22:03.695root 11241100x8000000000000000656360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68b8bdb72a32a792021-12-21 12:22:04.193root 11241100x8000000000000000656361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1556a17a9b688fa2021-12-21 12:22:04.193root 11241100x8000000000000000656362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0b788bf68855792021-12-21 12:22:04.193root 11241100x8000000000000000656363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878b25b7b31a34762021-12-21 12:22:04.194root 11241100x8000000000000000656364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c325e029a89e10952021-12-21 12:22:04.194root 11241100x8000000000000000656365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d576a9ed13be89c22021-12-21 12:22:04.194root 11241100x8000000000000000656366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961d7387e11eda572021-12-21 12:22:04.194root 11241100x8000000000000000656367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f186d6e0837d51c2021-12-21 12:22:04.194root 11241100x8000000000000000656368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743bb2680732d7a72021-12-21 12:22:04.194root 11241100x8000000000000000656369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c05ce2854cb9be2021-12-21 12:22:04.194root 11241100x8000000000000000656370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5728ff44652321d2021-12-21 12:22:04.195root 11241100x8000000000000000656371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef833245cb25cb42021-12-21 12:22:04.195root 11241100x8000000000000000656372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc8447b7f7b17102021-12-21 12:22:04.693root 11241100x8000000000000000656373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82db90729a9660532021-12-21 12:22:04.693root 11241100x8000000000000000656374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf852a9724e2eca2021-12-21 12:22:04.693root 11241100x8000000000000000656375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc74fe2e57d2651f2021-12-21 12:22:04.693root 11241100x8000000000000000656376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cf08473c554a092021-12-21 12:22:04.693root 11241100x8000000000000000656377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17189041e24d893c2021-12-21 12:22:04.693root 11241100x8000000000000000656378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4c20a95947f9fb2021-12-21 12:22:04.693root 11241100x8000000000000000656379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3aa78289b3a0f272021-12-21 12:22:04.694root 11241100x8000000000000000656380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba5d77af15a7a552021-12-21 12:22:04.694root 11241100x8000000000000000656381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc311d5b1b8dd6892021-12-21 12:22:04.694root 11241100x8000000000000000656382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf5eb723dc8061b2021-12-21 12:22:04.694root 11241100x8000000000000000656383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7573965003b814e2021-12-21 12:22:04.694root 11241100x8000000000000000656384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d646267a3d1fa6502021-12-21 12:22:05.193root 11241100x8000000000000000656385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375b29ad82e52d622021-12-21 12:22:05.193root 11241100x8000000000000000656386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c92639a23cc05c2021-12-21 12:22:05.193root 11241100x8000000000000000656387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f84b0fab0721bc2021-12-21 12:22:05.194root 11241100x8000000000000000656388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0115fd199ce2ea9d2021-12-21 12:22:05.194root 11241100x8000000000000000656389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bc69bf022842552021-12-21 12:22:05.194root 11241100x8000000000000000656390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da707398026165c2021-12-21 12:22:05.194root 11241100x8000000000000000656391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc5cf6ba2a5d7042021-12-21 12:22:05.195root 11241100x8000000000000000656392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0997d45162c74afd2021-12-21 12:22:05.195root 11241100x8000000000000000656393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147f369cfa1822972021-12-21 12:22:05.196root 11241100x8000000000000000656394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b9f993424691d92021-12-21 12:22:05.196root 11241100x8000000000000000656395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc79dd59d85266822021-12-21 12:22:05.196root 11241100x8000000000000000656396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6382242640a66da92021-12-21 12:22:05.693root 11241100x8000000000000000656397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9ebd49829fe9c52021-12-21 12:22:05.693root 11241100x8000000000000000656398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c22e022d6b1a5b2021-12-21 12:22:05.693root 11241100x8000000000000000656399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49581f1dc26c59b32021-12-21 12:22:05.694root 11241100x8000000000000000656400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73586e7ac123b1272021-12-21 12:22:05.694root 11241100x8000000000000000656401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3086002d14c537082021-12-21 12:22:05.694root 11241100x8000000000000000656402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee29ebecae07cc22021-12-21 12:22:05.694root 11241100x8000000000000000656403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0d22fd7def28f22021-12-21 12:22:05.694root 11241100x8000000000000000656404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee7ac22a8ea49622021-12-21 12:22:05.695root 11241100x8000000000000000656405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162acc425eb391592021-12-21 12:22:05.695root 11241100x8000000000000000656406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f3486c07fe97fa2021-12-21 12:22:05.695root 11241100x8000000000000000656407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f07f2840517d7f2021-12-21 12:22:05.695root 11241100x8000000000000000656408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:22:06.142root 11241100x8000000000000000656409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe2a7afa78355272021-12-21 12:22:06.143root 11241100x8000000000000000656410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396cf45d3546c6592021-12-21 12:22:06.144root 11241100x8000000000000000656411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00a2ff90cb8d73e2021-12-21 12:22:06.144root 11241100x8000000000000000656412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318faa4f8ff39e8c2021-12-21 12:22:06.144root 11241100x8000000000000000656413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f829185b6a04b46b2021-12-21 12:22:06.144root 11241100x8000000000000000656414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5862d587e5ad5a802021-12-21 12:22:06.144root 11241100x8000000000000000656415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfb34f802dfb0782021-12-21 12:22:06.144root 11241100x8000000000000000656416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27213d90a3edc67e2021-12-21 12:22:06.145root 11241100x8000000000000000656417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e7bda3f87c9d2f2021-12-21 12:22:06.145root 11241100x8000000000000000656418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4968282a0b737b262021-12-21 12:22:06.145root 11241100x8000000000000000656419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780bfb5923ddf47e2021-12-21 12:22:06.145root 11241100x8000000000000000656420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be634fc8720fe6e12021-12-21 12:22:06.145root 11241100x8000000000000000656421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d6d18a65f41f142021-12-21 12:22:06.145root 11241100x8000000000000000656422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf67093b9e603fd2021-12-21 12:22:06.145root 11241100x8000000000000000656423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd546d4524ce0482021-12-21 12:22:06.443root 11241100x8000000000000000656424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f2127438915c5a2021-12-21 12:22:06.443root 11241100x8000000000000000656425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded56565c785b2a52021-12-21 12:22:06.443root 11241100x8000000000000000656426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d9a77a60219c452021-12-21 12:22:06.443root 11241100x8000000000000000656427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a4ad5c427894ab2021-12-21 12:22:06.444root 11241100x8000000000000000656428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f9a73e635612c52021-12-21 12:22:06.444root 11241100x8000000000000000656429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded059c8043b90632021-12-21 12:22:06.444root 11241100x8000000000000000656430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db8683fc11738f82021-12-21 12:22:06.444root 11241100x8000000000000000656431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719ea91f62cb1cb52021-12-21 12:22:06.444root 11241100x8000000000000000656432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c2420441af1ea72021-12-21 12:22:06.444root 11241100x8000000000000000656433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c29915fd00af302021-12-21 12:22:06.445root 11241100x8000000000000000656434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7517959400c7942021-12-21 12:22:06.445root 11241100x8000000000000000656435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e785e8819cda2d742021-12-21 12:22:06.445root 11241100x8000000000000000656436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df7d5a267dac9f92021-12-21 12:22:06.943root 11241100x8000000000000000656437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36701a29ebf0d1c2021-12-21 12:22:06.943root 11241100x8000000000000000656438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9292cfa4688d086f2021-12-21 12:22:06.943root 11241100x8000000000000000656439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9c1df93ca9d3d82021-12-21 12:22:06.944root 11241100x8000000000000000656440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9f61eb9934c4cc2021-12-21 12:22:06.944root 11241100x8000000000000000656441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51b44dee3b4af552021-12-21 12:22:06.944root 11241100x8000000000000000656442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d758bac64228c5bc2021-12-21 12:22:06.944root 11241100x8000000000000000656443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066ee6b8715f37e32021-12-21 12:22:06.944root 11241100x8000000000000000656444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2dd7f54311aae62021-12-21 12:22:06.944root 11241100x8000000000000000656445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0141951666263f6c2021-12-21 12:22:06.944root 11241100x8000000000000000656446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847505421fa177d52021-12-21 12:22:06.944root 11241100x8000000000000000656447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d56cb31c822fb72021-12-21 12:22:06.944root 11241100x8000000000000000656448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae63371a786a9842021-12-21 12:22:06.945root 11241100x8000000000000000656449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191e40f3b95431ec2021-12-21 12:22:07.443root 11241100x8000000000000000656450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8768fe085cce53692021-12-21 12:22:07.443root 11241100x8000000000000000656451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d861ad73af6d7cb02021-12-21 12:22:07.443root 11241100x8000000000000000656452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59de2dd8cd2d0312021-12-21 12:22:07.443root 11241100x8000000000000000656453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67e8addb50133272021-12-21 12:22:07.443root 11241100x8000000000000000656454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2db48642f638fe2021-12-21 12:22:07.443root 11241100x8000000000000000656455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecb1a2717ae9ce52021-12-21 12:22:07.443root 11241100x8000000000000000656456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549914dd6a940f4e2021-12-21 12:22:07.443root 11241100x8000000000000000656457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f864a2d091056ce42021-12-21 12:22:07.444root 11241100x8000000000000000656458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86290667fb3dff12021-12-21 12:22:07.444root 11241100x8000000000000000656459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b8cd4c5cbec0d22021-12-21 12:22:07.444root 11241100x8000000000000000656460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4818b006476bc7e2021-12-21 12:22:07.444root 11241100x8000000000000000656461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bd1980dbe821b72021-12-21 12:22:07.444root 11241100x8000000000000000656462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af0ab1c50d6b3562021-12-21 12:22:07.943root 11241100x8000000000000000656463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08eca0d0ae0c38a62021-12-21 12:22:07.943root 11241100x8000000000000000656464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada2e5aefbf30deb2021-12-21 12:22:07.943root 11241100x8000000000000000656465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2eba7dba42b04522021-12-21 12:22:07.943root 11241100x8000000000000000656466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53be49558c23877d2021-12-21 12:22:07.943root 11241100x8000000000000000656467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d14471e6d77abc92021-12-21 12:22:07.943root 11241100x8000000000000000656468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2d93f6015d4fdc2021-12-21 12:22:07.943root 11241100x8000000000000000656469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f132abbc353d52242021-12-21 12:22:07.943root 11241100x8000000000000000656470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ab5a3f5488ac8d2021-12-21 12:22:07.944root 11241100x8000000000000000656471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81f04ecd9f81ab42021-12-21 12:22:07.944root 11241100x8000000000000000656472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e79b05835e42aa72021-12-21 12:22:07.944root 11241100x8000000000000000656473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40b78f97ab854bd2021-12-21 12:22:07.944root 11241100x8000000000000000656474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11fb685259bfb1b2021-12-21 12:22:07.944root 11241100x8000000000000000656475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd870c738839a2e22021-12-21 12:22:08.443root 11241100x8000000000000000656476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c2360d1e24bf772021-12-21 12:22:08.443root 11241100x8000000000000000656477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40de2d9b1c49a70d2021-12-21 12:22:08.443root 11241100x8000000000000000656478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e77a82345b5a48a2021-12-21 12:22:08.443root 11241100x8000000000000000656479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bf7436a46194472021-12-21 12:22:08.443root 11241100x8000000000000000656480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1906d271be7bbab72021-12-21 12:22:08.443root 11241100x8000000000000000656481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2957cad7f7e21aa52021-12-21 12:22:08.443root 11241100x8000000000000000656482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd12330a2144b312021-12-21 12:22:08.444root 11241100x8000000000000000656483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fb40d71173d8e02021-12-21 12:22:08.444root 11241100x8000000000000000656484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a132da8c45c624472021-12-21 12:22:08.444root 11241100x8000000000000000656485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994ddfeda60230be2021-12-21 12:22:08.444root 11241100x8000000000000000656486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afdf4fb3a7405432021-12-21 12:22:08.444root 11241100x8000000000000000656487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea23f0fd614487612021-12-21 12:22:08.444root 11241100x8000000000000000656488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5f895adfd87c1c2021-12-21 12:22:08.943root 11241100x8000000000000000656489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35977cafede59a322021-12-21 12:22:08.943root 11241100x8000000000000000656490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4886a0ade9c1432021-12-21 12:22:08.943root 11241100x8000000000000000656491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe7a160b5cc6d7f2021-12-21 12:22:08.943root 11241100x8000000000000000656492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570db360c8a19a922021-12-21 12:22:08.943root 11241100x8000000000000000656493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d838e8529492432021-12-21 12:22:08.943root 11241100x8000000000000000656494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7f5a859ebddc522021-12-21 12:22:08.943root 11241100x8000000000000000656495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d3bd4cdde93f272021-12-21 12:22:08.943root 11241100x8000000000000000656496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079584fe8239450c2021-12-21 12:22:08.943root 11241100x8000000000000000656497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d4bce01cdac09d2021-12-21 12:22:08.944root 11241100x8000000000000000656498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09016cce39eba712021-12-21 12:22:08.944root 11241100x8000000000000000656499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0551a704ba91252021-12-21 12:22:08.944root 11241100x8000000000000000656500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7097269cc3433d5e2021-12-21 12:22:08.944root 354300x8000000000000000656501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.099{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49886-false10.0.1.12-8000- 23542300x8000000000000000656502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000656503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88e1a1df5a2a0e32021-12-21 12:22:09.443root 11241100x8000000000000000656504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac379bca940f1e872021-12-21 12:22:09.443root 11241100x8000000000000000656505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e091f12d6fd4ad2021-12-21 12:22:09.443root 11241100x8000000000000000656506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9498cf9086190b2021-12-21 12:22:09.443root 11241100x8000000000000000656507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325b186ec4270d842021-12-21 12:22:09.443root 11241100x8000000000000000656508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b41760d91d338e92021-12-21 12:22:09.443root 11241100x8000000000000000656509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf6782975ce2ee12021-12-21 12:22:09.443root 11241100x8000000000000000656510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0e31d3bcbcd8f42021-12-21 12:22:09.443root 11241100x8000000000000000656511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06dd0dcc7be162fa2021-12-21 12:22:09.443root 11241100x8000000000000000656512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bcb72976d2f5b52021-12-21 12:22:09.444root 11241100x8000000000000000656513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b1418b652dc86f2021-12-21 12:22:09.444root 11241100x8000000000000000656514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09ff494d170b4462021-12-21 12:22:09.444root 11241100x8000000000000000656515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b154ba9b74bd732021-12-21 12:22:09.444root 11241100x8000000000000000656516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cd0713f961e40d2021-12-21 12:22:09.444root 11241100x8000000000000000656517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b2a168754a31d82021-12-21 12:22:09.444root 11241100x8000000000000000656518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbf15097664ec5d2021-12-21 12:22:09.444root 11241100x8000000000000000656519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab6bcbe92e7e0702021-12-21 12:22:09.444root 11241100x8000000000000000656520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feceec883d96af242021-12-21 12:22:09.444root 11241100x8000000000000000656521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022a64e1a37348352021-12-21 12:22:09.444root 11241100x8000000000000000656522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53517688b1ab77922021-12-21 12:22:09.444root 11241100x8000000000000000656523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d76239a191c1f82021-12-21 12:22:09.445root 11241100x8000000000000000656524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63f68d4d5eaf6812021-12-21 12:22:09.445root 11241100x8000000000000000656525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4be3deacbdfb082021-12-21 12:22:09.445root 11241100x8000000000000000656526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8537838052bfe7732021-12-21 12:22:09.445root 11241100x8000000000000000656527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ee768999a379a72021-12-21 12:22:09.445root 11241100x8000000000000000656528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775b300504c8a9492021-12-21 12:22:09.445root 11241100x8000000000000000656529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4c950d99a2b5822021-12-21 12:22:09.943root 11241100x8000000000000000656530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39b95c0d9165c9b2021-12-21 12:22:09.943root 11241100x8000000000000000656531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e5e143573f17c62021-12-21 12:22:09.943root 11241100x8000000000000000656532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5277ed7c77c99e2021-12-21 12:22:09.943root 11241100x8000000000000000656533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2842e57d4985e3902021-12-21 12:22:09.943root 11241100x8000000000000000656534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6396ef4feb359b2021-12-21 12:22:09.943root 11241100x8000000000000000656535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5594735eb38975d72021-12-21 12:22:09.944root 11241100x8000000000000000656536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49ace96483f8e2f2021-12-21 12:22:09.944root 11241100x8000000000000000656537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09693a0e45190d992021-12-21 12:22:09.944root 11241100x8000000000000000656538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468b87e5d5636a4b2021-12-21 12:22:09.944root 11241100x8000000000000000656539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d5c2260504e2762021-12-21 12:22:09.944root 11241100x8000000000000000656540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712040314eddfe852021-12-21 12:22:09.944root 11241100x8000000000000000656541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2b1de2793671932021-12-21 12:22:09.944root 11241100x8000000000000000656542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03870bfaaf61a2e2021-12-21 12:22:09.944root 11241100x8000000000000000656543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8203d7a650170d402021-12-21 12:22:09.944root 11241100x8000000000000000656544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2511d3e71e4862c62021-12-21 12:22:09.944root 11241100x8000000000000000656545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b63e7f82f814f92021-12-21 12:22:09.944root 11241100x8000000000000000656546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7042ecea3d4a2c5f2021-12-21 12:22:09.945root 11241100x8000000000000000656547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c239c9484271a5b12021-12-21 12:22:10.443root 11241100x8000000000000000656548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2ac98b9e46cb9c2021-12-21 12:22:10.443root 11241100x8000000000000000656549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833e777dfbccb1942021-12-21 12:22:10.443root 11241100x8000000000000000656550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3351d0b452fae9a62021-12-21 12:22:10.443root 11241100x8000000000000000656551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953418a69f129dfd2021-12-21 12:22:10.443root 11241100x8000000000000000656552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c251b8c13662f102021-12-21 12:22:10.443root 11241100x8000000000000000656553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5596b67bd60ab7cb2021-12-21 12:22:10.443root 11241100x8000000000000000656554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bb6a044b1448622021-12-21 12:22:10.443root 11241100x8000000000000000656555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed601d7c14cc9312021-12-21 12:22:10.443root 11241100x8000000000000000656556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d9e4f687cca8182021-12-21 12:22:10.444root 11241100x8000000000000000656557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a083f20000006b2021-12-21 12:22:10.444root 11241100x8000000000000000656558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24982419cafb8c32021-12-21 12:22:10.444root 11241100x8000000000000000656559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605a941425ddc4bd2021-12-21 12:22:10.444root 11241100x8000000000000000656560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17125014fde096df2021-12-21 12:22:10.444root 11241100x8000000000000000656561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55252d369e9724a12021-12-21 12:22:10.444root 154100x8000000000000000656562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.642{ec2b6afe-c6f2-61c1-6824-c27332560000}10077/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000656563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.652{ec2b6afe-c6f2-61c1-6824-c27332560000}10077/bin/psroot 11241100x8000000000000000656564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63173121fb5856002021-12-21 12:22:10.943root 11241100x8000000000000000656565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ff895f977a33f02021-12-21 12:22:10.943root 11241100x8000000000000000656566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d7b1567b10fa442021-12-21 12:22:10.943root 11241100x8000000000000000656567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c216dc1dd2b4a6b2021-12-21 12:22:10.943root 11241100x8000000000000000656568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133c6ca5b1100ac22021-12-21 12:22:10.944root 11241100x8000000000000000656569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758ad68278b656dc2021-12-21 12:22:10.944root 11241100x8000000000000000656570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fcc2ab5f188d0e2021-12-21 12:22:10.944root 11241100x8000000000000000656571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea35cd59acf40be2021-12-21 12:22:10.944root 11241100x8000000000000000656572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e1364a4df778242021-12-21 12:22:10.944root 11241100x8000000000000000656573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d5e06eca5166e32021-12-21 12:22:10.944root 11241100x8000000000000000656574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04353c09b225c3422021-12-21 12:22:10.945root 11241100x8000000000000000656575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976d893b0da93f2b2021-12-21 12:22:10.945root 11241100x8000000000000000656576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bacaa5fada98cf42021-12-21 12:22:10.945root 11241100x8000000000000000656577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee942a6e2159b082021-12-21 12:22:10.945root 11241100x8000000000000000656578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb366fa7d21731962021-12-21 12:22:10.945root 11241100x8000000000000000656579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938c28e4d6cc00722021-12-21 12:22:10.945root 11241100x8000000000000000656580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2af9ace50f26602021-12-21 12:22:10.945root 11241100x8000000000000000656581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3015e44d4d0954fb2021-12-21 12:22:11.443root 11241100x8000000000000000656582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790110c07ca284882021-12-21 12:22:11.443root 11241100x8000000000000000656583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa617a5ad4142b6c2021-12-21 12:22:11.443root 11241100x8000000000000000656584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275ba0e2022d4ebd2021-12-21 12:22:11.443root 11241100x8000000000000000656585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55659f01a3fb2e032021-12-21 12:22:11.444root 11241100x8000000000000000656586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e54e012657ed88d2021-12-21 12:22:11.444root 11241100x8000000000000000656587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd25f4c87a14e2e2021-12-21 12:22:11.444root 11241100x8000000000000000656588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086e822c4a666a762021-12-21 12:22:11.444root 11241100x8000000000000000656589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a4d88189aa4bbd2021-12-21 12:22:11.444root 11241100x8000000000000000656590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6ad5e292ab3be82021-12-21 12:22:11.444root 11241100x8000000000000000656591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e136eced193de482021-12-21 12:22:11.444root 11241100x8000000000000000656592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a123096a6180a1702021-12-21 12:22:11.444root 11241100x8000000000000000656593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66908e5eb80262522021-12-21 12:22:11.444root 11241100x8000000000000000656594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7fabd03a33a10a2021-12-21 12:22:11.444root 11241100x8000000000000000656595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37fcc33351d621e2021-12-21 12:22:11.445root 11241100x8000000000000000656596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620bba3b469ee6702021-12-21 12:22:11.445root 11241100x8000000000000000656597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311ad1c9c6e58ecb2021-12-21 12:22:11.445root 11241100x8000000000000000656598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0819327d48810fa2021-12-21 12:22:11.943root 11241100x8000000000000000656599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0cec7547aa37f32021-12-21 12:22:11.943root 11241100x8000000000000000656600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c586cb979ab8a94d2021-12-21 12:22:11.943root 11241100x8000000000000000656601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f5050b58bb451c2021-12-21 12:22:11.943root 11241100x8000000000000000656602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116b6a51f3837f662021-12-21 12:22:11.943root 11241100x8000000000000000656603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f9d58c7d544f222021-12-21 12:22:11.943root 11241100x8000000000000000656604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df367d2c44d9fd412021-12-21 12:22:11.943root 11241100x8000000000000000656605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb1203ca43e19fe2021-12-21 12:22:11.943root 11241100x8000000000000000656606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fd84fb41ad5b912021-12-21 12:22:11.943root 11241100x8000000000000000656607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a0d7c23b2005142021-12-21 12:22:11.944root 11241100x8000000000000000656608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea83c9adf7018612021-12-21 12:22:11.944root 11241100x8000000000000000656609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b5d7a48892da442021-12-21 12:22:11.944root 11241100x8000000000000000656610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cf401d70a346502021-12-21 12:22:11.944root 11241100x8000000000000000656611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f114baf71f2ff6a12021-12-21 12:22:11.944root 11241100x8000000000000000656612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffe47ed866d69fd2021-12-21 12:22:11.944root 11241100x8000000000000000656613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ee4ba7579b23aa2021-12-21 12:22:11.944root 11241100x8000000000000000656614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda43d5c95bb570a2021-12-21 12:22:11.944root 534500x8000000000000000656615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.026{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 11241100x8000000000000000656616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a366a9d5f732f4dc2021-12-21 12:22:12.442root 11241100x8000000000000000656617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931e5087d3af625e2021-12-21 12:22:12.443root 11241100x8000000000000000656618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09638446cffa0ace2021-12-21 12:22:12.444root 11241100x8000000000000000656619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2481715a2f88e70e2021-12-21 12:22:12.444root 11241100x8000000000000000656620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262ed10fd57ceafb2021-12-21 12:22:12.444root 11241100x8000000000000000656621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a008588810c0f742021-12-21 12:22:12.444root 11241100x8000000000000000656622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e41a221297d6282021-12-21 12:22:12.444root 11241100x8000000000000000656623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d81697852b82952021-12-21 12:22:12.445root 11241100x8000000000000000656624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe84e762a0740812021-12-21 12:22:12.445root 11241100x8000000000000000656625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee51516bf4e5f0fb2021-12-21 12:22:12.445root 11241100x8000000000000000656626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb9ed5be17b1a792021-12-21 12:22:12.445root 11241100x8000000000000000656627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e169a0890802faa42021-12-21 12:22:12.445root 11241100x8000000000000000656628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc0888519db72f42021-12-21 12:22:12.445root 11241100x8000000000000000656629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fbf0cee4a823892021-12-21 12:22:12.445root 11241100x8000000000000000656630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f11a7915f852652021-12-21 12:22:12.445root 11241100x8000000000000000656631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d2b5c0e99dab922021-12-21 12:22:12.445root 11241100x8000000000000000656632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d048880d73aa15452021-12-21 12:22:12.445root 11241100x8000000000000000656633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a2ebbc16ff38752021-12-21 12:22:12.445root 11241100x8000000000000000656634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8537933202169a2021-12-21 12:22:12.445root 11241100x8000000000000000656635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2535f495904770092021-12-21 12:22:12.943root 11241100x8000000000000000656636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427c2829f79859772021-12-21 12:22:12.943root 11241100x8000000000000000656637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c247992e8e96ad5f2021-12-21 12:22:12.943root 11241100x8000000000000000656638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b223af8f7ce14722021-12-21 12:22:12.943root 11241100x8000000000000000656639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55472a33f788d7d2021-12-21 12:22:12.944root 11241100x8000000000000000656640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675e1bbab0f60a902021-12-21 12:22:12.944root 11241100x8000000000000000656641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857bb77e2a7a5eb12021-12-21 12:22:12.944root 11241100x8000000000000000656642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdee20c0283f07342021-12-21 12:22:12.944root 11241100x8000000000000000656643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5144f89d38edb82021-12-21 12:22:12.944root 11241100x8000000000000000656644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d547a7c65b34f32021-12-21 12:22:12.944root 11241100x8000000000000000656645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3843294da698d7662021-12-21 12:22:12.944root 11241100x8000000000000000656646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e15951a156306d02021-12-21 12:22:12.944root 11241100x8000000000000000656647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea6671b0fd2eb452021-12-21 12:22:12.944root 11241100x8000000000000000656648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0835b14f282cce8d2021-12-21 12:22:12.944root 11241100x8000000000000000656649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7605c7b6dfda43f2021-12-21 12:22:12.944root 11241100x8000000000000000656650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c2a385b3d73c732021-12-21 12:22:12.944root 11241100x8000000000000000656651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e48149b734374b2021-12-21 12:22:12.944root 11241100x8000000000000000656652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789e2585ef4a7b8c2021-12-21 12:22:12.945root 11241100x8000000000000000656653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d288a048ec012e0f2021-12-21 12:22:12.945root 11241100x8000000000000000656654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c944de3bf2fd36502021-12-21 12:22:13.443root 11241100x8000000000000000656655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e644881e37e39052021-12-21 12:22:13.443root 11241100x8000000000000000656656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf707af88d8003d62021-12-21 12:22:13.443root 11241100x8000000000000000656657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2d190cca81f0742021-12-21 12:22:13.443root 11241100x8000000000000000656658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400cc4e53487a82e2021-12-21 12:22:13.443root 11241100x8000000000000000656659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc1af3e4b563a3e2021-12-21 12:22:13.443root 11241100x8000000000000000656660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bab0159815608a12021-12-21 12:22:13.443root 11241100x8000000000000000656661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3a4d054ccc5bd62021-12-21 12:22:13.444root 11241100x8000000000000000656662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4084145b2388ed2021-12-21 12:22:13.444root 11241100x8000000000000000656663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35881a5a8df5e3892021-12-21 12:22:13.444root 11241100x8000000000000000656664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5f9219a46bb4af2021-12-21 12:22:13.444root 11241100x8000000000000000656665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd708b85bf310e0b2021-12-21 12:22:13.444root 11241100x8000000000000000656666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c6c0b0899c5d742021-12-21 12:22:13.445root 11241100x8000000000000000656667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4563cf8bfcc27442021-12-21 12:22:13.445root 11241100x8000000000000000656668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3de377fa7b91662021-12-21 12:22:13.445root 11241100x8000000000000000656669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46279ac063ae55752021-12-21 12:22:13.445root 11241100x8000000000000000656670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107b789a399a5ae52021-12-21 12:22:13.445root 11241100x8000000000000000656671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de0ad38b1ecf1dd2021-12-21 12:22:13.445root 11241100x8000000000000000656672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed45e84b88376fd42021-12-21 12:22:13.943root 11241100x8000000000000000656673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f7f360436d4f672021-12-21 12:22:13.943root 11241100x8000000000000000656674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0efdd75dc574f752021-12-21 12:22:13.943root 11241100x8000000000000000656675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64efdb8482176642021-12-21 12:22:13.943root 11241100x8000000000000000656676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f1e4a74e9e86e32021-12-21 12:22:13.944root 11241100x8000000000000000656677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf4bfe50a0bef512021-12-21 12:22:13.944root 11241100x8000000000000000656678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dffa7e02c7bf2a32021-12-21 12:22:13.944root 11241100x8000000000000000656679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5baa6e6e85b5cddf2021-12-21 12:22:13.944root 11241100x8000000000000000656680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef526a5e180198d72021-12-21 12:22:13.944root 11241100x8000000000000000656681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9c800c1cb29eda2021-12-21 12:22:13.944root 11241100x8000000000000000656682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e478ed82aa487c42021-12-21 12:22:13.944root 11241100x8000000000000000656683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55b44d73c6350ca2021-12-21 12:22:13.944root 11241100x8000000000000000656684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8ee0958e0539be2021-12-21 12:22:13.944root 11241100x8000000000000000656685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1577d137c74193282021-12-21 12:22:13.944root 11241100x8000000000000000656686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c221ee90d67d572021-12-21 12:22:13.944root 11241100x8000000000000000656687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c62562d4b642492021-12-21 12:22:13.944root 11241100x8000000000000000656688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2abb73931c3d22c2021-12-21 12:22:13.944root 11241100x8000000000000000656689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2cd968c62d23692021-12-21 12:22:13.944root 11241100x8000000000000000656690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0086680253ff2152021-12-21 12:22:13.945root 11241100x8000000000000000656691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443b47fc1008b4b92021-12-21 12:22:13.945root 354300x8000000000000000656692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.250{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49888-false10.0.1.12-8000- 11241100x8000000000000000656693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74777f48c19e355f2021-12-21 12:22:14.251root 11241100x8000000000000000656694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4974b6c499565d2021-12-21 12:22:14.251root 11241100x8000000000000000656695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3434d2c8fe3ddb642021-12-21 12:22:14.251root 11241100x8000000000000000656696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bfa7802f3dd8312021-12-21 12:22:14.251root 11241100x8000000000000000656697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08be168bab6933102021-12-21 12:22:14.252root 11241100x8000000000000000656698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9b125906e22bfd2021-12-21 12:22:14.252root 11241100x8000000000000000656699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681f3d514e8f7de72021-12-21 12:22:14.252root 11241100x8000000000000000656700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7bd617069b57e32021-12-21 12:22:14.252root 11241100x8000000000000000656701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66290b0fe273f0882021-12-21 12:22:14.253root 11241100x8000000000000000656702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7159c57fda71942021-12-21 12:22:14.253root 11241100x8000000000000000656703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21c259f29ccb46f2021-12-21 12:22:14.253root 11241100x8000000000000000656704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3107d07544e6a122021-12-21 12:22:14.253root 11241100x8000000000000000656705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac22aa28a799d472021-12-21 12:22:14.254root 11241100x8000000000000000656706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e123c92758ba7f012021-12-21 12:22:14.254root 11241100x8000000000000000656707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006a9761ba1ced762021-12-21 12:22:14.254root 11241100x8000000000000000656708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283568cc05c5f6d82021-12-21 12:22:14.254root 11241100x8000000000000000656709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3781484e19d970922021-12-21 12:22:14.255root 11241100x8000000000000000656710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f68053c01674d012021-12-21 12:22:14.255root 11241100x8000000000000000656711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba4dfb7fde1823e2021-12-21 12:22:14.255root 11241100x8000000000000000656712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d8678b1fe930152021-12-21 12:22:14.256root 11241100x8000000000000000656713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9cae37e09a95cd2021-12-21 12:22:14.256root 11241100x8000000000000000656714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d457635f28a9f5c2021-12-21 12:22:14.256root 11241100x8000000000000000656715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce3a8990cde2c7f2021-12-21 12:22:14.256root 11241100x8000000000000000656716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc54dadec9acf012021-12-21 12:22:14.256root 11241100x8000000000000000656717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f947db2c0c1d48252021-12-21 12:22:14.256root 11241100x8000000000000000656718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690e89fe5f44b91e2021-12-21 12:22:14.693root 11241100x8000000000000000656719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a0471c0f0a59a92021-12-21 12:22:14.693root 11241100x8000000000000000656720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651c2930b9654b5e2021-12-21 12:22:14.694root 11241100x8000000000000000656721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b0086730e7746b2021-12-21 12:22:14.694root 11241100x8000000000000000656722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c36084d4f6347f42021-12-21 12:22:14.694root 11241100x8000000000000000656723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d354c19e228c63332021-12-21 12:22:14.694root 11241100x8000000000000000656724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2130924ade42e3712021-12-21 12:22:14.694root 11241100x8000000000000000656725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19853db4dfbbf1e12021-12-21 12:22:14.694root 11241100x8000000000000000656726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080534b7750e241b2021-12-21 12:22:14.694root 11241100x8000000000000000656727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74f4548e18b220e2021-12-21 12:22:14.694root 11241100x8000000000000000656728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c040777a68b2b92021-12-21 12:22:14.694root 11241100x8000000000000000656729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a264a1f82825875c2021-12-21 12:22:14.694root 11241100x8000000000000000656730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a45ef21fbe2cd772021-12-21 12:22:14.694root 11241100x8000000000000000656731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073c4131f47493e82021-12-21 12:22:14.695root 11241100x8000000000000000656732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e596663fa5af982021-12-21 12:22:14.695root 11241100x8000000000000000656733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ca8de3622432e42021-12-21 12:22:14.695root 11241100x8000000000000000656734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257e7029f234bb902021-12-21 12:22:14.695root 11241100x8000000000000000656735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa79e99259d749d32021-12-21 12:22:14.695root 11241100x8000000000000000656736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a333351a79a4a762021-12-21 12:22:14.695root 11241100x8000000000000000656737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8551665664a516d42021-12-21 12:22:15.195root 11241100x8000000000000000656738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037b4ac6057f08362021-12-21 12:22:15.195root 11241100x8000000000000000656739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4b90c3d055f3e22021-12-21 12:22:15.195root 11241100x8000000000000000656740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c7dc12ab2354492021-12-21 12:22:15.195root 11241100x8000000000000000656741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3846c2aba12c502021-12-21 12:22:15.195root 11241100x8000000000000000656742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfe1dcec46c72d32021-12-21 12:22:15.195root 11241100x8000000000000000656743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e4985a2168304c2021-12-21 12:22:15.196root 11241100x8000000000000000656744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9c95a91a27bda12021-12-21 12:22:15.196root 11241100x8000000000000000656745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd37ad73d3d82092021-12-21 12:22:15.196root 11241100x8000000000000000656746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcea220e24f93d32021-12-21 12:22:15.196root 11241100x8000000000000000656747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650e2b828f4880992021-12-21 12:22:15.196root 11241100x8000000000000000656748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfbf612dfa911322021-12-21 12:22:15.196root 11241100x8000000000000000656749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db46977f50cd2672021-12-21 12:22:15.196root 11241100x8000000000000000656750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be821524b51250a42021-12-21 12:22:15.196root 11241100x8000000000000000656751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0596dcea769d122021-12-21 12:22:15.196root 11241100x8000000000000000656752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa160ef00fd869b2021-12-21 12:22:15.196root 11241100x8000000000000000656753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0d116dca48a50e2021-12-21 12:22:15.197root 11241100x8000000000000000656754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e211b4075e9d91f02021-12-21 12:22:15.197root 11241100x8000000000000000656755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1550382574f16542021-12-21 12:22:15.197root 11241100x8000000000000000656756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dc0995a8f0b9dd2021-12-21 12:22:15.693root 11241100x8000000000000000656757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f47c243f1b5b5c62021-12-21 12:22:15.693root 11241100x8000000000000000656758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7e7c9547b60bc22021-12-21 12:22:15.693root 11241100x8000000000000000656759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6a3e54cc5dd2532021-12-21 12:22:15.693root 11241100x8000000000000000656760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8611dac656b59fd2021-12-21 12:22:15.693root 11241100x8000000000000000656761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74092456f10178cf2021-12-21 12:22:15.693root 11241100x8000000000000000656762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76be9bdbe5f8f892021-12-21 12:22:15.693root 11241100x8000000000000000656763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9aa1c51779dfe4e2021-12-21 12:22:15.693root 11241100x8000000000000000656764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2aba68d903068012021-12-21 12:22:15.693root 11241100x8000000000000000656765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6c0fe161a8947e2021-12-21 12:22:15.694root 11241100x8000000000000000656766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e906d6c3515efe62021-12-21 12:22:15.694root 11241100x8000000000000000656767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdc42ee0655f9282021-12-21 12:22:15.694root 11241100x8000000000000000656768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4351c65f882a2caf2021-12-21 12:22:15.694root 11241100x8000000000000000656769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1ed30bbcf0102c2021-12-21 12:22:15.694root 11241100x8000000000000000656770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb86522b89234592021-12-21 12:22:15.694root 11241100x8000000000000000656771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4857d9acae1e2702021-12-21 12:22:15.694root 11241100x8000000000000000656772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d57e9e9edd1b0a2021-12-21 12:22:15.694root 11241100x8000000000000000656773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7f384c1f47d8832021-12-21 12:22:15.694root 11241100x8000000000000000656774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debd589b9c7665b02021-12-21 12:22:15.694root 11241100x8000000000000000656775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd68cdaa57a649d72021-12-21 12:22:16.193root 11241100x8000000000000000656776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb97e5b79ffa8acd2021-12-21 12:22:16.193root 11241100x8000000000000000656777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fe5d5714008f452021-12-21 12:22:16.193root 11241100x8000000000000000656778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9bf9694b74b6d22021-12-21 12:22:16.193root 11241100x8000000000000000656779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f6ae33ae1ef4d32021-12-21 12:22:16.193root 11241100x8000000000000000656780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7775845e7fe83a162021-12-21 12:22:16.193root 11241100x8000000000000000656781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8086e97fc2e6a352021-12-21 12:22:16.193root 11241100x8000000000000000656782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42888c3530791f72021-12-21 12:22:16.194root 11241100x8000000000000000656783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df838a63cf7151462021-12-21 12:22:16.194root 11241100x8000000000000000656784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68335c957cf91c942021-12-21 12:22:16.194root 11241100x8000000000000000656785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8337c7b9b6cbcd712021-12-21 12:22:16.194root 11241100x8000000000000000656786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cedbc36528b8502021-12-21 12:22:16.194root 11241100x8000000000000000656787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343420d910fb773c2021-12-21 12:22:16.194root 11241100x8000000000000000656788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbf29a8681c50d12021-12-21 12:22:16.194root 11241100x8000000000000000656789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72459fe16755f01f2021-12-21 12:22:16.195root 11241100x8000000000000000656790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a897b80fbbe3a3cf2021-12-21 12:22:16.195root 11241100x8000000000000000656791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7c57e183481b2a2021-12-21 12:22:16.195root 11241100x8000000000000000656792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb9aa2da31b61222021-12-21 12:22:16.195root 11241100x8000000000000000656793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15aba2823e8145d2021-12-21 12:22:16.195root 11241100x8000000000000000656794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c1c263907cb27f2021-12-21 12:22:16.693root 11241100x8000000000000000656795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbb1d6771d6c80c2021-12-21 12:22:16.693root 11241100x8000000000000000656796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084e41ab61ec83b92021-12-21 12:22:16.693root 11241100x8000000000000000656797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa37b3d0eecf3beb2021-12-21 12:22:16.693root 11241100x8000000000000000656798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d25cc2573d805b82021-12-21 12:22:16.693root 11241100x8000000000000000656799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13226c0c71d8e67c2021-12-21 12:22:16.693root 11241100x8000000000000000656800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1d8c9ac52416242021-12-21 12:22:16.694root 11241100x8000000000000000656801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9803968e5b6b262021-12-21 12:22:16.694root 11241100x8000000000000000656802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc8a9a45e7509932021-12-21 12:22:16.694root 11241100x8000000000000000656803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b93b25f17c9fe52021-12-21 12:22:16.694root 11241100x8000000000000000656804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d68dd220b189d42021-12-21 12:22:16.694root 11241100x8000000000000000656805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028067f88cf7f0c12021-12-21 12:22:16.694root 11241100x8000000000000000656806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5797ee428898220f2021-12-21 12:22:16.694root 11241100x8000000000000000656807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199ed9344bb816e32021-12-21 12:22:16.694root 11241100x8000000000000000656808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3162f3792a3da06d2021-12-21 12:22:16.694root 11241100x8000000000000000656809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfada460eb97e742021-12-21 12:22:16.695root 11241100x8000000000000000656810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedad47908dbf5cd2021-12-21 12:22:16.695root 11241100x8000000000000000656811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1d5f3f57fce8d92021-12-21 12:22:16.695root 11241100x8000000000000000656812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed75c793e1859422021-12-21 12:22:16.695root 11241100x8000000000000000656813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf30742867cda8b2021-12-21 12:22:17.192root 11241100x8000000000000000656814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c3813e001ce3632021-12-21 12:22:17.193root 11241100x8000000000000000656815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978c9b34d4d474ba2021-12-21 12:22:17.193root 11241100x8000000000000000656816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7c913eb75475092021-12-21 12:22:17.193root 11241100x8000000000000000656817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8004f916157dfa302021-12-21 12:22:17.193root 11241100x8000000000000000656818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fc16bb93bd9b692021-12-21 12:22:17.193root 11241100x8000000000000000656819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea06d9c40308dd22021-12-21 12:22:17.193root 11241100x8000000000000000656820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c5d32d52c9e83e2021-12-21 12:22:17.193root 11241100x8000000000000000656821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835b01574ccb64772021-12-21 12:22:17.193root 11241100x8000000000000000656822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eea394b87cf752c2021-12-21 12:22:17.194root 11241100x8000000000000000656823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decbedc33df3fd6f2021-12-21 12:22:17.194root 11241100x8000000000000000656824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97964aef22add7ef2021-12-21 12:22:17.194root 11241100x8000000000000000656825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292da8d1f9fbe81a2021-12-21 12:22:17.194root 11241100x8000000000000000656826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99327fcf7b7f3bfa2021-12-21 12:22:17.194root 11241100x8000000000000000656827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d389d00bfa41ec2021-12-21 12:22:17.194root 11241100x8000000000000000656828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57fd1b69f35b51a2021-12-21 12:22:17.194root 11241100x8000000000000000656829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb722a7d0e0302ba2021-12-21 12:22:17.194root 11241100x8000000000000000656830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be0ec50e2a172c72021-12-21 12:22:17.194root 11241100x8000000000000000656831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f586bc75d22b7cd2021-12-21 12:22:17.194root 11241100x8000000000000000656832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd225329ab899132021-12-21 12:22:17.194root 11241100x8000000000000000656833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be37432ec9574e62021-12-21 12:22:17.195root 11241100x8000000000000000656834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3d53879820295d2021-12-21 12:22:17.195root 11241100x8000000000000000656835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5339eacfa9583ef52021-12-21 12:22:17.195root 11241100x8000000000000000656836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c71a58b0ea28632021-12-21 12:22:17.196root 11241100x8000000000000000656837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393dae8f3eee85322021-12-21 12:22:17.196root 11241100x8000000000000000656838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25a123d0864f0212021-12-21 12:22:17.196root 11241100x8000000000000000656839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c13da4bd022af12021-12-21 12:22:17.196root 11241100x8000000000000000656840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6cc502e96149412021-12-21 12:22:17.196root 11241100x8000000000000000656841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf33a9af685217b22021-12-21 12:22:17.196root 11241100x8000000000000000656842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc683cb768799e062021-12-21 12:22:17.196root 11241100x8000000000000000656843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e656f19a2e5527762021-12-21 12:22:17.196root 11241100x8000000000000000656844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bc46d817f1dbd02021-12-21 12:22:17.196root 11241100x8000000000000000656845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07dba74fb8a7dbe92021-12-21 12:22:17.196root 11241100x8000000000000000656846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897d6cad312dbbf72021-12-21 12:22:17.196root 11241100x8000000000000000656847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff61ed6daf754dd2021-12-21 12:22:17.693root 11241100x8000000000000000656848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d711f9e2371fa8562021-12-21 12:22:17.693root 11241100x8000000000000000656849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff71ef30b1866d912021-12-21 12:22:17.693root 11241100x8000000000000000656850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44a626e430fa3592021-12-21 12:22:17.693root 11241100x8000000000000000656851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1193fd7d0a8816d42021-12-21 12:22:17.693root 11241100x8000000000000000656852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1993ee8896e414dc2021-12-21 12:22:17.693root 11241100x8000000000000000656853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3c158b80ccb4592021-12-21 12:22:17.693root 11241100x8000000000000000656854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87db022db7841e4b2021-12-21 12:22:17.693root 11241100x8000000000000000656855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf96fa40cd190472021-12-21 12:22:17.693root 11241100x8000000000000000656856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d3cb08ae41a5e12021-12-21 12:22:17.694root 11241100x8000000000000000656857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7768aece994752f02021-12-21 12:22:17.694root 11241100x8000000000000000656858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47967acf1cd5b0cf2021-12-21 12:22:17.694root 11241100x8000000000000000656859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e26aaf58d218ba12021-12-21 12:22:17.694root 11241100x8000000000000000656860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09706a56916d74e2021-12-21 12:22:17.694root 11241100x8000000000000000656861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dcf685568d04242021-12-21 12:22:17.694root 11241100x8000000000000000656862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926367a3eccee6212021-12-21 12:22:17.694root 11241100x8000000000000000656863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8c44de255ea5552021-12-21 12:22:17.694root 11241100x8000000000000000656864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d472ddfd38fd4a2021-12-21 12:22:17.694root 11241100x8000000000000000656865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406a0ec2fc6bffa82021-12-21 12:22:17.694root 11241100x8000000000000000656866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed5fc9bbd0463892021-12-21 12:22:17.694root 11241100x8000000000000000656867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe6f7be9358ba6d2021-12-21 12:22:17.695root 11241100x8000000000000000656868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cefc507845684e62021-12-21 12:22:17.695root 11241100x8000000000000000656869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ab002cc21f84e82021-12-21 12:22:17.695root 11241100x8000000000000000656870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1970b630950e48f32021-12-21 12:22:17.695root 11241100x8000000000000000656871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6628a6d5e0bde62021-12-21 12:22:18.193root 11241100x8000000000000000656872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09143baf65a0dbd2021-12-21 12:22:18.193root 11241100x8000000000000000656873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98290cab68e215b2021-12-21 12:22:18.193root 11241100x8000000000000000656874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5994dc42b32d71b62021-12-21 12:22:18.193root 11241100x8000000000000000656875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96385007c93e5862021-12-21 12:22:18.193root 11241100x8000000000000000656876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed06210d5df3c0122021-12-21 12:22:18.193root 11241100x8000000000000000656877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d588a83c278d562021-12-21 12:22:18.193root 11241100x8000000000000000656878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f02f82edf38a982021-12-21 12:22:18.193root 11241100x8000000000000000656879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a744b7ccd2065aad2021-12-21 12:22:18.193root 11241100x8000000000000000656880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcc8e13608a9b042021-12-21 12:22:18.193root 11241100x8000000000000000656881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985092594f25560c2021-12-21 12:22:18.194root 11241100x8000000000000000656882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269887aedc2b9c4f2021-12-21 12:22:18.194root 11241100x8000000000000000656883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad98480370765c82021-12-21 12:22:18.194root 11241100x8000000000000000656884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e60b17e031acbd2021-12-21 12:22:18.194root 11241100x8000000000000000656885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2175518423a54fc82021-12-21 12:22:18.194root 11241100x8000000000000000656886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ba952044011d182021-12-21 12:22:18.194root 11241100x8000000000000000656887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa241c1c6eddc8b2021-12-21 12:22:18.194root 11241100x8000000000000000656888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c23e1bbc4009902021-12-21 12:22:18.194root 11241100x8000000000000000656889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7b7390915474c92021-12-21 12:22:18.194root 11241100x8000000000000000656890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3415e77b5b77642021-12-21 12:22:18.194root 11241100x8000000000000000656891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7306eb6d5e77893f2021-12-21 12:22:18.194root 11241100x8000000000000000656892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b003630f0e69ff2021-12-21 12:22:18.195root 11241100x8000000000000000656893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dc1ace3b38d1ea2021-12-21 12:22:18.195root 11241100x8000000000000000656894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c8f613546cf3812021-12-21 12:22:18.195root 11241100x8000000000000000656895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3accf0e41c3d1de52021-12-21 12:22:18.693root 11241100x8000000000000000656896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf6ac9cc1a617ae2021-12-21 12:22:18.693root 11241100x8000000000000000656897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf91bbfebde90a12021-12-21 12:22:18.693root 11241100x8000000000000000656898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77d52916f0fc5d22021-12-21 12:22:18.693root 11241100x8000000000000000656899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694c79a90708193d2021-12-21 12:22:18.693root 11241100x8000000000000000656900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483e211c896a523e2021-12-21 12:22:18.694root 11241100x8000000000000000656901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c62636500a48522021-12-21 12:22:18.694root 11241100x8000000000000000656902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367a278e293415df2021-12-21 12:22:18.694root 11241100x8000000000000000656903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fcda4c7bfa09bd2021-12-21 12:22:18.694root 11241100x8000000000000000656904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dd198f2f2059e62021-12-21 12:22:18.694root 11241100x8000000000000000656905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d0578d5b40b2692021-12-21 12:22:18.694root 11241100x8000000000000000656906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c9deb8410687ac2021-12-21 12:22:18.694root 11241100x8000000000000000656907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e9d9f699c7fd722021-12-21 12:22:18.694root 11241100x8000000000000000656908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af80100f043c41082021-12-21 12:22:18.694root 11241100x8000000000000000656909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ddcb15333e804b2021-12-21 12:22:18.694root 11241100x8000000000000000656910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0886692ac41dd772021-12-21 12:22:18.694root 11241100x8000000000000000656911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e61cf60ee17d762021-12-21 12:22:18.694root 11241100x8000000000000000656912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0606cf1e14b69fe12021-12-21 12:22:18.694root 11241100x8000000000000000656913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9c385ba21f03b12021-12-21 12:22:18.694root 11241100x8000000000000000656914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b92eb3f48e31cf92021-12-21 12:22:19.193root 11241100x8000000000000000656915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223686c42a44f32e2021-12-21 12:22:19.193root 11241100x8000000000000000656916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8108b3b238ad8fd72021-12-21 12:22:19.193root 11241100x8000000000000000656917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24e23a267f401ae2021-12-21 12:22:19.194root 11241100x8000000000000000656918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe0f943e98f99912021-12-21 12:22:19.194root 11241100x8000000000000000656919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79d95de1d4112a72021-12-21 12:22:19.194root 11241100x8000000000000000656920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68222414fc7bbad52021-12-21 12:22:19.194root 11241100x8000000000000000656921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39af04b6adfdbc7b2021-12-21 12:22:19.194root 11241100x8000000000000000656922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced58674cbb100e32021-12-21 12:22:19.194root 11241100x8000000000000000656923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcab07d6b92eaf22021-12-21 12:22:19.194root 11241100x8000000000000000656924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9322722d1168b7942021-12-21 12:22:19.194root 11241100x8000000000000000656925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9a5e336dda44e92021-12-21 12:22:19.194root 11241100x8000000000000000656926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c51633b511b6ee2021-12-21 12:22:19.194root 11241100x8000000000000000656927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb0b4f1e54dc1ed2021-12-21 12:22:19.195root 11241100x8000000000000000656928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91aaef27b4b2c552021-12-21 12:22:19.195root 11241100x8000000000000000656929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a89549daf811e62021-12-21 12:22:19.195root 11241100x8000000000000000656930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9221566916f75fc42021-12-21 12:22:19.195root 11241100x8000000000000000656931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0693fccf8e578d2021-12-21 12:22:19.195root 11241100x8000000000000000656932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52ee873960fe1f62021-12-21 12:22:19.195root 11241100x8000000000000000656933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54939c13c5cc7d482021-12-21 12:22:19.693root 11241100x8000000000000000656934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694a21aca9dbfecc2021-12-21 12:22:19.694root 11241100x8000000000000000656935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b57655d1c4b7a932021-12-21 12:22:19.694root 11241100x8000000000000000656936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39cbe6f7371fed12021-12-21 12:22:19.694root 11241100x8000000000000000656937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa67988acc0422da2021-12-21 12:22:19.694root 11241100x8000000000000000656938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d337b640f8eb7842021-12-21 12:22:19.694root 11241100x8000000000000000656939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1790ea67a88fe692021-12-21 12:22:19.694root 11241100x8000000000000000656940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72b1b3be8070f432021-12-21 12:22:19.694root 11241100x8000000000000000656941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec56ad0690b1eb52021-12-21 12:22:19.694root 11241100x8000000000000000656942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223047bfc926cdbb2021-12-21 12:22:19.694root 11241100x8000000000000000656943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacb1c62088fdace2021-12-21 12:22:19.694root 11241100x8000000000000000656944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513e90b4da2e445f2021-12-21 12:22:19.694root 11241100x8000000000000000656945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f72b2a92d676a72021-12-21 12:22:19.694root 11241100x8000000000000000656946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5db0ec4cf71ce0f2021-12-21 12:22:19.694root 11241100x8000000000000000656947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294adab4b7676d4e2021-12-21 12:22:19.694root 11241100x8000000000000000656948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a56f51b321f052e2021-12-21 12:22:19.695root 11241100x8000000000000000656949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a051f21a1814812021-12-21 12:22:19.695root 11241100x8000000000000000656950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd8330507f9c74a2021-12-21 12:22:19.695root 11241100x8000000000000000656951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e6656897510e532021-12-21 12:22:19.695root 354300x8000000000000000656952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.132{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49890-false10.0.1.12-8000- 11241100x8000000000000000656953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc893e062a3242a62021-12-21 12:22:20.133root 11241100x8000000000000000656954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a718b07382a39a732021-12-21 12:22:20.133root 11241100x8000000000000000656955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7202159205ec643c2021-12-21 12:22:20.133root 11241100x8000000000000000656956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3167aca31c20ecd52021-12-21 12:22:20.133root 11241100x8000000000000000656957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a08597ec9d898a2021-12-21 12:22:20.133root 11241100x8000000000000000656958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245a2b42c74600a02021-12-21 12:22:20.133root 11241100x8000000000000000656959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6611ba26ab41489a2021-12-21 12:22:20.133root 11241100x8000000000000000656960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a991d257455b2a2021-12-21 12:22:20.133root 11241100x8000000000000000656961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495996e25c9776512021-12-21 12:22:20.134root 11241100x8000000000000000656962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6d01e9ead7746f2021-12-21 12:22:20.134root 11241100x8000000000000000656963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa0cfeba1d365512021-12-21 12:22:20.134root 11241100x8000000000000000656964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a919cc62726a7f392021-12-21 12:22:20.134root 11241100x8000000000000000656965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d237a5a4f7983d612021-12-21 12:22:20.135root 11241100x8000000000000000656966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12ee28328cffdc62021-12-21 12:22:20.136root 11241100x8000000000000000656967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70aa04b883bbf492021-12-21 12:22:20.136root 11241100x8000000000000000656968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96df6d747e35a5242021-12-21 12:22:20.137root 11241100x8000000000000000656969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f1862ee31ec5702021-12-21 12:22:20.137root 11241100x8000000000000000656970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15a9f14b16819892021-12-21 12:22:20.138root 11241100x8000000000000000656971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0fc3fafc65ce032021-12-21 12:22:20.138root 11241100x8000000000000000656972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38c01e0236e02002021-12-21 12:22:20.139root 11241100x8000000000000000656973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f06be70392b84f32021-12-21 12:22:20.139root 11241100x8000000000000000656974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8801b9acfa5755e62021-12-21 12:22:20.139root 11241100x8000000000000000656975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c465aea5e45d9d7a2021-12-21 12:22:20.140root 11241100x8000000000000000656976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9757552320fc134d2021-12-21 12:22:20.140root 11241100x8000000000000000656977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ca30cf3b0c1ca82021-12-21 12:22:20.140root 11241100x8000000000000000656978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854e304fcaa26b882021-12-21 12:22:20.140root 11241100x8000000000000000656979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209305f3722a5bc72021-12-21 12:22:20.140root 11241100x8000000000000000656980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c76b9446b9aa0bd2021-12-21 12:22:20.141root 11241100x8000000000000000656981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61b6ad97f7408b32021-12-21 12:22:20.443root 11241100x8000000000000000656982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1250e93260fa770b2021-12-21 12:22:20.443root 11241100x8000000000000000656983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44676d3e9fb21f52021-12-21 12:22:20.443root 11241100x8000000000000000656984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bf9c619db3e2192021-12-21 12:22:20.443root 11241100x8000000000000000656985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a8e40b5b9ebfc22021-12-21 12:22:20.443root 11241100x8000000000000000656986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd5ebc9ac7b4b8e2021-12-21 12:22:20.443root 11241100x8000000000000000656987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be445702cef86e362021-12-21 12:22:20.443root 11241100x8000000000000000656988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ba43ccdfc494ef2021-12-21 12:22:20.443root 11241100x8000000000000000656989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb939cd40be2febf2021-12-21 12:22:20.443root 11241100x8000000000000000656990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88945c70255e40162021-12-21 12:22:20.444root 11241100x8000000000000000656991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c78caa8b67f0c162021-12-21 12:22:20.444root 11241100x8000000000000000656992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae125449e9c272c72021-12-21 12:22:20.444root 11241100x8000000000000000656993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af1b592b1109ca02021-12-21 12:22:20.444root 11241100x8000000000000000656994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6011e5acfb0878252021-12-21 12:22:20.444root 11241100x8000000000000000656995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dd4357a6e471592021-12-21 12:22:20.444root 11241100x8000000000000000656996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590d5a8dcff61af52021-12-21 12:22:20.444root 11241100x8000000000000000656997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe973a0f65750fe12021-12-21 12:22:20.444root 11241100x8000000000000000656998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ec46e4bcfad36a2021-12-21 12:22:20.444root 11241100x8000000000000000656999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b1eea6d42d96512021-12-21 12:22:20.444root 11241100x8000000000000000657000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed4e9558af9f9792021-12-21 12:22:20.444root 11241100x8000000000000000657001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c1704bcfecb3ac2021-12-21 12:22:20.444root 11241100x8000000000000000657002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f7ed2d32367a202021-12-21 12:22:20.444root 11241100x8000000000000000657003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263fbaa77e5243dd2021-12-21 12:22:20.445root 11241100x8000000000000000657004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b19d994f4191fe2021-12-21 12:22:20.445root 11241100x8000000000000000657005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4e0b903751bb742021-12-21 12:22:20.943root 11241100x8000000000000000657006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf36f74ab73131a2021-12-21 12:22:20.943root 11241100x8000000000000000657007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193dcb1840bc1af52021-12-21 12:22:20.943root 11241100x8000000000000000657008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2e039c82df7aa52021-12-21 12:22:20.943root 11241100x8000000000000000657009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73fbba5326d58b62021-12-21 12:22:20.944root 11241100x8000000000000000657010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb53737ea927be8d2021-12-21 12:22:20.944root 11241100x8000000000000000657011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437b5a58284567732021-12-21 12:22:20.944root 11241100x8000000000000000657012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90f8adde98fa4422021-12-21 12:22:20.944root 11241100x8000000000000000657013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7df0241a74f40a2021-12-21 12:22:20.944root 11241100x8000000000000000657014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b443a6444c04402a2021-12-21 12:22:20.944root 11241100x8000000000000000657015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c28429f5fdf71682021-12-21 12:22:20.944root 11241100x8000000000000000657016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808af6e4ef4609bc2021-12-21 12:22:20.944root 11241100x8000000000000000657017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b68c3370458f4f2021-12-21 12:22:20.944root 11241100x8000000000000000657018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3c540d63fc87832021-12-21 12:22:20.944root 11241100x8000000000000000657019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82930e61ec4dfac2021-12-21 12:22:20.944root 11241100x8000000000000000657020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529392c3926d5fce2021-12-21 12:22:20.944root 11241100x8000000000000000657021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819af02ce182edc42021-12-21 12:22:20.944root 11241100x8000000000000000657022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70b6bcc9a8b76fc2021-12-21 12:22:20.945root 11241100x8000000000000000657023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c99129c83163b8d2021-12-21 12:22:20.945root 11241100x8000000000000000657024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b979d236468746d2021-12-21 12:22:20.945root 534500x8000000000000000657025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:20.971{00000000-0000-0000-0000-000000000000}10023<unknown process>root 11241100x8000000000000000657026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adafcb7895b5be6c2021-12-21 12:22:21.443root 11241100x8000000000000000657027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766449887d56d67e2021-12-21 12:22:21.443root 11241100x8000000000000000657028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fc3ee520758af82021-12-21 12:22:21.443root 11241100x8000000000000000657029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d0dc530bd76a8e2021-12-21 12:22:21.443root 11241100x8000000000000000657030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d339bce5181006ef2021-12-21 12:22:21.444root 11241100x8000000000000000657031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d52b91a502ec2dd2021-12-21 12:22:21.444root 11241100x8000000000000000657032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9654ed7fd97d22942021-12-21 12:22:21.444root 11241100x8000000000000000657033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25f53502641bd502021-12-21 12:22:21.444root 11241100x8000000000000000657034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07aa40b08b06244e2021-12-21 12:22:21.444root 11241100x8000000000000000657035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d765347a431639632021-12-21 12:22:21.444root 11241100x8000000000000000657036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71568e9c20869bd02021-12-21 12:22:21.444root 11241100x8000000000000000657037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108563b41fd2c39a2021-12-21 12:22:21.444root 11241100x8000000000000000657038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043203e0d05fee352021-12-21 12:22:21.444root 11241100x8000000000000000657039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7def95f1eef2872021-12-21 12:22:21.444root 11241100x8000000000000000657040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b38ed4fef0445c2021-12-21 12:22:21.444root 11241100x8000000000000000657041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b77c94b5e47cc62021-12-21 12:22:21.444root 11241100x8000000000000000657042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf66a4ca943826d42021-12-21 12:22:21.444root 11241100x8000000000000000657043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01f0ccb9ae6c4712021-12-21 12:22:21.444root 11241100x8000000000000000657044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c602ab92a04eac22021-12-21 12:22:21.445root 11241100x8000000000000000657045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349ae6145769191b2021-12-21 12:22:21.445root 11241100x8000000000000000657046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef776596417083382021-12-21 12:22:21.445root 11241100x8000000000000000657047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d5831c3e8e7c4e2021-12-21 12:22:21.943root 11241100x8000000000000000657048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dba849dc432b2a2021-12-21 12:22:21.943root 11241100x8000000000000000657049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05c0d2c1dece6482021-12-21 12:22:21.944root 11241100x8000000000000000657050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8033681ec8c48ffc2021-12-21 12:22:21.944root 11241100x8000000000000000657051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a900ee49ef32382021-12-21 12:22:21.944root 11241100x8000000000000000657052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928dcb5d297c23382021-12-21 12:22:21.944root 11241100x8000000000000000657053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4066047015a72a3f2021-12-21 12:22:21.944root 11241100x8000000000000000657054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbe827ede72683d2021-12-21 12:22:21.944root 11241100x8000000000000000657055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0773972545f400512021-12-21 12:22:21.944root 11241100x8000000000000000657056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aeecf59515845972021-12-21 12:22:21.944root 11241100x8000000000000000657057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b134e67e0b67c932021-12-21 12:22:21.944root 11241100x8000000000000000657058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41557b2fa14675462021-12-21 12:22:21.944root 11241100x8000000000000000657059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a47ad255399775a2021-12-21 12:22:21.944root 11241100x8000000000000000657060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac67335b1271d012021-12-21 12:22:21.944root 11241100x8000000000000000657061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9269b4bb33673e2021-12-21 12:22:21.944root 11241100x8000000000000000657062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1ed7de915d9b892021-12-21 12:22:21.944root 11241100x8000000000000000657063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54acccc0c3254922021-12-21 12:22:21.944root 11241100x8000000000000000657064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc75fc5b0bc226562021-12-21 12:22:21.945root 11241100x8000000000000000657065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5474f2570bd5ce0a2021-12-21 12:22:21.945root 11241100x8000000000000000657066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd49c0db30612562021-12-21 12:22:21.945root 11241100x8000000000000000657067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efaf778da78369482021-12-21 12:22:21.945root 11241100x8000000000000000657068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cad436103174b1c2021-12-21 12:22:22.443root 11241100x8000000000000000657069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13759a41fd324002021-12-21 12:22:22.443root 11241100x8000000000000000657070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68657a69c867ddc2021-12-21 12:22:22.443root 11241100x8000000000000000657071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9eb5f903e8739b2021-12-21 12:22:22.443root 11241100x8000000000000000657072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7243fed1fca418e22021-12-21 12:22:22.444root 11241100x8000000000000000657073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c357e95d8bf9652021-12-21 12:22:22.444root 11241100x8000000000000000657074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba850257ba4fa75c2021-12-21 12:22:22.444root 11241100x8000000000000000657075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680a35d400a5dac02021-12-21 12:22:22.444root 11241100x8000000000000000657076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34150b8a8ba9a0e62021-12-21 12:22:22.444root 11241100x8000000000000000657077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4234d36e81208fd62021-12-21 12:22:22.444root 11241100x8000000000000000657078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47bfdc9e9a191332021-12-21 12:22:22.444root 11241100x8000000000000000657079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59ef7d15a2cd87b2021-12-21 12:22:22.444root 11241100x8000000000000000657080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e9af6dd50363db2021-12-21 12:22:22.444root 11241100x8000000000000000657081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a30d365bf382ed82021-12-21 12:22:22.444root 11241100x8000000000000000657082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c888e8eca208408b2021-12-21 12:22:22.444root 11241100x8000000000000000657083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43af9c047374c492021-12-21 12:22:22.444root 11241100x8000000000000000657084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba5492168cedb202021-12-21 12:22:22.444root 11241100x8000000000000000657085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e16e0f8073d798c2021-12-21 12:22:22.444root 11241100x8000000000000000657086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6eacedcee309d72021-12-21 12:22:22.445root 11241100x8000000000000000657087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28b1293fb141a892021-12-21 12:22:22.445root 11241100x8000000000000000657088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf83bfa2a60608752021-12-21 12:22:22.445root 11241100x8000000000000000657089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402ff6fb961bb3f02021-12-21 12:22:22.943root 11241100x8000000000000000657090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d739d19c2a30360d2021-12-21 12:22:22.943root 11241100x8000000000000000657091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251a8f28c5f06c242021-12-21 12:22:22.943root 11241100x8000000000000000657092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe387573261cc05e2021-12-21 12:22:22.943root 11241100x8000000000000000657093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298f17088e1fad632021-12-21 12:22:22.944root 11241100x8000000000000000657094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9a7abcb1b8c41b2021-12-21 12:22:22.944root 11241100x8000000000000000657095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39b8ec032cff6232021-12-21 12:22:22.944root 11241100x8000000000000000657096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c136ecb951a19b4c2021-12-21 12:22:22.944root 11241100x8000000000000000657097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee000676baf66382021-12-21 12:22:22.944root 11241100x8000000000000000657098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3178e683c8a8799b2021-12-21 12:22:22.944root 11241100x8000000000000000657099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ee1109dfb6600b2021-12-21 12:22:22.944root 11241100x8000000000000000657100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a595e157660a052021-12-21 12:22:22.944root 11241100x8000000000000000657101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98a77f5e27d8be02021-12-21 12:22:22.944root 11241100x8000000000000000657102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f4c20edd09a7522021-12-21 12:22:22.944root 11241100x8000000000000000657103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d4d0fa36eff5ed2021-12-21 12:22:22.944root 11241100x8000000000000000657104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88e6f5da54aafa92021-12-21 12:22:22.944root 11241100x8000000000000000657105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ce696ebfbc2c452021-12-21 12:22:22.944root 11241100x8000000000000000657106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea1e8d5bdcc85fb2021-12-21 12:22:22.944root 11241100x8000000000000000657107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e219bc4324cd5022021-12-21 12:22:22.944root 11241100x8000000000000000657108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39cdbb2ced5f85a2021-12-21 12:22:22.945root 11241100x8000000000000000657109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9867c429724727852021-12-21 12:22:22.945root 11241100x8000000000000000657110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557691bf27b3b40a2021-12-21 12:22:23.443root 11241100x8000000000000000657111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4530ff11ab28c2d2021-12-21 12:22:23.443root 11241100x8000000000000000657112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6a385b073d21ac2021-12-21 12:22:23.443root 11241100x8000000000000000657113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4020537c8ed4e3212021-12-21 12:22:23.443root 11241100x8000000000000000657114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43547bbd5ca33e02021-12-21 12:22:23.444root 11241100x8000000000000000657115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9dfc7dd1ecef1162021-12-21 12:22:23.444root 11241100x8000000000000000657116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf53c8d22384d892021-12-21 12:22:23.444root 11241100x8000000000000000657117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b447d17f7f2b6c002021-12-21 12:22:23.444root 11241100x8000000000000000657118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f272454daee71e2021-12-21 12:22:23.444root 11241100x8000000000000000657119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c291ec84472be32021-12-21 12:22:23.444root 11241100x8000000000000000657120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffb69215ab6cd772021-12-21 12:22:23.444root 11241100x8000000000000000657121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa82674119978a142021-12-21 12:22:23.444root 11241100x8000000000000000657122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35962c805581fa702021-12-21 12:22:23.444root 11241100x8000000000000000657123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d23fb915ea2efa2021-12-21 12:22:23.444root 11241100x8000000000000000657124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa3d668ac3f17e72021-12-21 12:22:23.445root 11241100x8000000000000000657125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de29db1eba81c8642021-12-21 12:22:23.445root 11241100x8000000000000000657126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cd95c02b1b6b512021-12-21 12:22:23.445root 11241100x8000000000000000657127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0803252819d2c21b2021-12-21 12:22:23.445root 11241100x8000000000000000657128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eb43f4c54d4a422021-12-21 12:22:23.445root 11241100x8000000000000000657129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7138c340d411dcac2021-12-21 12:22:23.445root 11241100x8000000000000000657130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ca65617d4437302021-12-21 12:22:23.445root 11241100x8000000000000000657131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc188ed34daca17f2021-12-21 12:22:23.943root 11241100x8000000000000000657132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346135158dea02952021-12-21 12:22:23.943root 11241100x8000000000000000657133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878bfd1fbae104ce2021-12-21 12:22:23.943root 11241100x8000000000000000657134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c26396c38d53f42021-12-21 12:22:23.943root 11241100x8000000000000000657135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa5245853a8414b2021-12-21 12:22:23.944root 11241100x8000000000000000657136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4df6821e113c3f2021-12-21 12:22:23.944root 11241100x8000000000000000657137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9a7e634b26d03d2021-12-21 12:22:23.944root 11241100x8000000000000000657138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba46247a790102a2021-12-21 12:22:23.944root 11241100x8000000000000000657139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84182f68aa0bc102021-12-21 12:22:23.944root 11241100x8000000000000000657140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5203c303f5de392021-12-21 12:22:23.944root 11241100x8000000000000000657141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad6f64358347edd2021-12-21 12:22:23.944root 11241100x8000000000000000657142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ca433c8d597ec22021-12-21 12:22:23.944root 11241100x8000000000000000657143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e76eff8f395651c2021-12-21 12:22:23.944root 11241100x8000000000000000657144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6578655eda14a75c2021-12-21 12:22:23.944root 11241100x8000000000000000657145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f27b00204d317e2021-12-21 12:22:23.944root 11241100x8000000000000000657146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fb97492714bf922021-12-21 12:22:23.944root 11241100x8000000000000000657147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1144cb1c457808362021-12-21 12:22:23.944root 11241100x8000000000000000657148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee9fe3545eb63d52021-12-21 12:22:23.944root 11241100x8000000000000000657149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c35b8ede67f1e22021-12-21 12:22:23.944root 11241100x8000000000000000657150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f8510b28127ed32021-12-21 12:22:23.944root 11241100x8000000000000000657151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013852757430b6172021-12-21 12:22:23.945root 11241100x8000000000000000657152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a430a966d97c47b2021-12-21 12:22:24.443root 11241100x8000000000000000657153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbc5340ca7a81ba2021-12-21 12:22:24.443root 11241100x8000000000000000657154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d2b9b85f3522a12021-12-21 12:22:24.443root 11241100x8000000000000000657155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fde4193db579052021-12-21 12:22:24.444root 11241100x8000000000000000657156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59e3724959674e02021-12-21 12:22:24.444root 11241100x8000000000000000657157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7364dbd13c2a9d2021-12-21 12:22:24.444root 11241100x8000000000000000657158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4c6b0f0ffccec52021-12-21 12:22:24.444root 11241100x8000000000000000657159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e544a6b7aa12e6a2021-12-21 12:22:24.444root 11241100x8000000000000000657160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba3ec721ed0c7a52021-12-21 12:22:24.444root 11241100x8000000000000000657161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a51b385d4cf89fe2021-12-21 12:22:24.444root 11241100x8000000000000000657162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bdc2b5d85909642021-12-21 12:22:24.444root 11241100x8000000000000000657163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed354f84ef00ee12021-12-21 12:22:24.444root 11241100x8000000000000000657164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59f519f2d928b4b2021-12-21 12:22:24.444root 11241100x8000000000000000657165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b015792ebbc091362021-12-21 12:22:24.444root 11241100x8000000000000000657166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3b5ae63a6215f92021-12-21 12:22:24.444root 11241100x8000000000000000657167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1e685d032f512f2021-12-21 12:22:24.444root 11241100x8000000000000000657168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dc9ebdbbf3ad132021-12-21 12:22:24.444root 11241100x8000000000000000657169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a012d52e23d60b1e2021-12-21 12:22:24.444root 11241100x8000000000000000657170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731704687d801be02021-12-21 12:22:24.445root 11241100x8000000000000000657171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1458b6c71046662021-12-21 12:22:24.445root 11241100x8000000000000000657172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e153caf7babdfb2021-12-21 12:22:24.445root 11241100x8000000000000000657173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41c7ba0f47f2b102021-12-21 12:22:24.943root 11241100x8000000000000000657174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab8b8d48d3b928d2021-12-21 12:22:24.943root 11241100x8000000000000000657175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef710da73f4dc072021-12-21 12:22:24.943root 11241100x8000000000000000657176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b79287cc74a021f2021-12-21 12:22:24.943root 11241100x8000000000000000657177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308eb4a6f1b7a8042021-12-21 12:22:24.944root 11241100x8000000000000000657178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539058e33e48a4ea2021-12-21 12:22:24.944root 11241100x8000000000000000657179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc4e5dbf2e2668d2021-12-21 12:22:24.944root 11241100x8000000000000000657180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a77497cebfde8c2021-12-21 12:22:24.944root 11241100x8000000000000000657181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5b7680440c6c142021-12-21 12:22:24.944root 11241100x8000000000000000657182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce0b85cd29ec5f42021-12-21 12:22:24.944root 11241100x8000000000000000657183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2089b14197501ed52021-12-21 12:22:24.944root 11241100x8000000000000000657184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb76d2796d250b7f2021-12-21 12:22:24.944root 11241100x8000000000000000657185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9715f86aba3296dc2021-12-21 12:22:24.944root 11241100x8000000000000000657186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb0359bd482e4632021-12-21 12:22:24.944root 11241100x8000000000000000657187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd9624e92eed19b2021-12-21 12:22:24.944root 11241100x8000000000000000657188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c72bc546ee0f1e2021-12-21 12:22:24.944root 11241100x8000000000000000657189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4307b7bc23c446f2021-12-21 12:22:24.944root 11241100x8000000000000000657190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab46b3138f5e80c2021-12-21 12:22:24.944root 11241100x8000000000000000657191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9817f197775a74c22021-12-21 12:22:24.944root 11241100x8000000000000000657192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6c7fb2f8528bec2021-12-21 12:22:24.945root 11241100x8000000000000000657193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ebf23b220da99e2021-12-21 12:22:24.945root 354300x8000000000000000657194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.253{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49892-false10.0.1.12-8000- 11241100x8000000000000000657195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a105f9a9d80be0ff2021-12-21 12:22:25.254root 11241100x8000000000000000657196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c03d4525ff7c902021-12-21 12:22:25.254root 11241100x8000000000000000657197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5604f1da5b7c672021-12-21 12:22:25.254root 11241100x8000000000000000657198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fabc9131a0b9feb2021-12-21 12:22:25.254root 11241100x8000000000000000657199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9e54244963c6622021-12-21 12:22:25.254root 11241100x8000000000000000657200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d279c475c164e362021-12-21 12:22:25.254root 11241100x8000000000000000657201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16af1f3054a9c41e2021-12-21 12:22:25.254root 11241100x8000000000000000657202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0198a575b0c10a2021-12-21 12:22:25.255root 11241100x8000000000000000657203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564623d1edfd0fcf2021-12-21 12:22:25.255root 11241100x8000000000000000657204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b23a819c0005462021-12-21 12:22:25.255root 11241100x8000000000000000657205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001f6412862bc8d22021-12-21 12:22:25.255root 11241100x8000000000000000657206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448ece06fdc0f2c72021-12-21 12:22:25.255root 11241100x8000000000000000657207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af93d392e23a9fb42021-12-21 12:22:25.255root 11241100x8000000000000000657208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087507cc18ac9a462021-12-21 12:22:25.255root 11241100x8000000000000000657209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011ca2e0fce2e8df2021-12-21 12:22:25.256root 11241100x8000000000000000657210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d841a468aa1f0562021-12-21 12:22:25.256root 11241100x8000000000000000657211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7499492b51edf85b2021-12-21 12:22:25.256root 11241100x8000000000000000657212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2605e9992b30c4de2021-12-21 12:22:25.256root 11241100x8000000000000000657213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c08a168ee124bf2021-12-21 12:22:25.256root 11241100x8000000000000000657214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871eab825462b8f12021-12-21 12:22:25.256root 11241100x8000000000000000657215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fb4d1d1fe301e82021-12-21 12:22:25.256root 11241100x8000000000000000657216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92c45799a0b52af2021-12-21 12:22:25.256root 11241100x8000000000000000657217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54b76f911b0abbb2021-12-21 12:22:25.256root 11241100x8000000000000000657218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fd7686c05dba232021-12-21 12:22:25.256root 11241100x8000000000000000657219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f0c675af0f1e992021-12-21 12:22:25.256root 11241100x8000000000000000657220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e235195d4c5d3392021-12-21 12:22:25.257root 11241100x8000000000000000657221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2783498693d482b2021-12-21 12:22:25.257root 11241100x8000000000000000657222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecfa71df7cc4f032021-12-21 12:22:25.257root 11241100x8000000000000000657223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8378885eb4465fd62021-12-21 12:22:25.257root 11241100x8000000000000000657224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6995bb9f11a4c2c32021-12-21 12:22:25.257root 11241100x8000000000000000657225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c5950736c7bdf22021-12-21 12:22:25.257root 11241100x8000000000000000657226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cda17c8c51bf332021-12-21 12:22:25.257root 11241100x8000000000000000657227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daab210872d9ba3b2021-12-21 12:22:25.257root 11241100x8000000000000000657228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30ef6a842cab90b2021-12-21 12:22:25.257root 11241100x8000000000000000657229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3274921fce3a9ae02021-12-21 12:22:25.258root 11241100x8000000000000000657230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796d2e7d84a331002021-12-21 12:22:25.258root 11241100x8000000000000000657231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd8e0d64dc7df6c2021-12-21 12:22:25.258root 11241100x8000000000000000657232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcec66cfb6d6f702021-12-21 12:22:25.258root 11241100x8000000000000000657233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c058a2df7944199c2021-12-21 12:22:25.258root 11241100x8000000000000000657234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdefc11e9519b24e2021-12-21 12:22:25.258root 11241100x8000000000000000657235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428ca3d0fb3882b22021-12-21 12:22:25.258root 11241100x8000000000000000657236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663cbab99482f5ef2021-12-21 12:22:25.258root 11241100x8000000000000000657237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3895e477a38566192021-12-21 12:22:25.258root 11241100x8000000000000000657238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53e6f67bcf960da2021-12-21 12:22:25.258root 11241100x8000000000000000657239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e66e2319e5c95232021-12-21 12:22:25.259root 11241100x8000000000000000657240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5883533aa4afc502021-12-21 12:22:25.259root 11241100x8000000000000000657241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8eabc9e7efd57e22021-12-21 12:22:25.259root 11241100x8000000000000000657242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497a8b99b92ae3072021-12-21 12:22:25.259root 11241100x8000000000000000657243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bfea3ca4070aad2021-12-21 12:22:25.259root 11241100x8000000000000000657244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95118210ee5a78452021-12-21 12:22:25.693root 11241100x8000000000000000657245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3bc85256e9cdcc2021-12-21 12:22:25.693root 11241100x8000000000000000657246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a3aebf2ffb2aaa2021-12-21 12:22:25.693root 11241100x8000000000000000657247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aed6eb745e5cc922021-12-21 12:22:25.694root 11241100x8000000000000000657248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4531fec894df3cd42021-12-21 12:22:25.694root 11241100x8000000000000000657249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b75f86061c69e8f2021-12-21 12:22:25.694root 11241100x8000000000000000657250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a741819671d84852021-12-21 12:22:25.694root 11241100x8000000000000000657251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8294d54e31120da2021-12-21 12:22:25.694root 11241100x8000000000000000657252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e52880cdc90e1862021-12-21 12:22:25.694root 11241100x8000000000000000657253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b4cd7f8c2c7bcb2021-12-21 12:22:25.694root 11241100x8000000000000000657254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2f2ef4a18030a62021-12-21 12:22:25.694root 11241100x8000000000000000657255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756adcd8e03656452021-12-21 12:22:25.694root 11241100x8000000000000000657256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c5a0d0502ec8c82021-12-21 12:22:25.694root 11241100x8000000000000000657257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974b524f0c4798d52021-12-21 12:22:25.694root 11241100x8000000000000000657258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762967d5b75cae262021-12-21 12:22:25.695root 11241100x8000000000000000657259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596d49a83a6f3dd72021-12-21 12:22:25.695root 11241100x8000000000000000657260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26b4422736169032021-12-21 12:22:25.695root 11241100x8000000000000000657261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd16a54e50e01912021-12-21 12:22:25.695root 11241100x8000000000000000657262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6aa98cc98d174552021-12-21 12:22:25.695root 11241100x8000000000000000657263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9d15fa24e9376a2021-12-21 12:22:25.695root 11241100x8000000000000000657264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f25b3f23f1b501d2021-12-21 12:22:25.695root 11241100x8000000000000000657265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303aac3c6c6e47852021-12-21 12:22:25.695root 354300x8000000000000000657266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:25.798{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-36958-false10.0.1.12-8089- 11241100x8000000000000000657267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91af9274c0e7f572021-12-21 12:22:26.193root 11241100x8000000000000000657268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b046c77e89a2e42021-12-21 12:22:26.193root 11241100x8000000000000000657269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a476f2af426ffe2021-12-21 12:22:26.193root 11241100x8000000000000000657270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251132c22515fb302021-12-21 12:22:26.193root 11241100x8000000000000000657271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15222c0ccfdf339d2021-12-21 12:22:26.193root 11241100x8000000000000000657272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a879a33111a60472021-12-21 12:22:26.194root 11241100x8000000000000000657273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae65f0a98a96caaa2021-12-21 12:22:26.194root 11241100x8000000000000000657274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a452b9797c3edcca2021-12-21 12:22:26.194root 11241100x8000000000000000657275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eacae13f8ba76c2021-12-21 12:22:26.194root 11241100x8000000000000000657276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfb9223a33f29332021-12-21 12:22:26.194root 11241100x8000000000000000657277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b368d20ab15717a82021-12-21 12:22:26.194root 11241100x8000000000000000657278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b03a3eff57e1332021-12-21 12:22:26.194root 11241100x8000000000000000657279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f3a4d73f7dbf0c2021-12-21 12:22:26.194root 11241100x8000000000000000657280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23271bce3c89d652021-12-21 12:22:26.194root 11241100x8000000000000000657281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34229a097219b4942021-12-21 12:22:26.194root 11241100x8000000000000000657282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b23c274ae538e892021-12-21 12:22:26.194root 11241100x8000000000000000657283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7dcfefdf9c2d4622021-12-21 12:22:26.194root 11241100x8000000000000000657284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b86294e03583fd72021-12-21 12:22:26.195root 11241100x8000000000000000657285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249e79fc510721dc2021-12-21 12:22:26.195root 11241100x8000000000000000657286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c9a14aafd62fd62021-12-21 12:22:26.195root 11241100x8000000000000000657287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ed059effb04ceb2021-12-21 12:22:26.195root 11241100x8000000000000000657288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15e446f5013dbd02021-12-21 12:22:26.195root 11241100x8000000000000000657289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55c6f66154b939c2021-12-21 12:22:26.195root 11241100x8000000000000000657290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aabfffcb31a7eb12021-12-21 12:22:26.693root 11241100x8000000000000000657291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e420ffae72fbac2021-12-21 12:22:26.693root 11241100x8000000000000000657292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36fc11e8959a50e2021-12-21 12:22:26.694root 11241100x8000000000000000657293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4c57572f829c9e2021-12-21 12:22:26.694root 11241100x8000000000000000657294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0a252f63e972f72021-12-21 12:22:26.694root 11241100x8000000000000000657295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224f735e3d15e2422021-12-21 12:22:26.694root 11241100x8000000000000000657296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a9475a4859f5202021-12-21 12:22:26.694root 11241100x8000000000000000657297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ce640d60c2060b2021-12-21 12:22:26.695root 11241100x8000000000000000657298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc9c72c61f94a732021-12-21 12:22:26.695root 11241100x8000000000000000657299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dd2bcfd31a02c62021-12-21 12:22:26.695root 11241100x8000000000000000657300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94da96687cd65d62021-12-21 12:22:26.695root 11241100x8000000000000000657301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07c9b1ca0c1f8f72021-12-21 12:22:26.695root 11241100x8000000000000000657302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2ae44dd752ca242021-12-21 12:22:26.695root 11241100x8000000000000000657303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb6abd63a5b93ff2021-12-21 12:22:26.696root 11241100x8000000000000000657304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dde51eb07382d62021-12-21 12:22:26.696root 11241100x8000000000000000657305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48438648291521f2021-12-21 12:22:26.696root 11241100x8000000000000000657306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e950087a5dd88e2021-12-21 12:22:26.696root 11241100x8000000000000000657307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed2954169306cc52021-12-21 12:22:26.696root 11241100x8000000000000000657308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ada165c310f6bc2021-12-21 12:22:26.697root 11241100x8000000000000000657309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cc66563bde37312021-12-21 12:22:26.697root 11241100x8000000000000000657310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3758d3f9859d03572021-12-21 12:22:26.697root 11241100x8000000000000000657311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526a08496c8b745f2021-12-21 12:22:26.697root 11241100x8000000000000000657312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4691960069a1682021-12-21 12:22:26.697root 11241100x8000000000000000657313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9169ee06580ac72021-12-21 12:22:27.193root 11241100x8000000000000000657314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7970ec99e0cb542021-12-21 12:22:27.193root 11241100x8000000000000000657315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d764c7e6c9b3b6b2021-12-21 12:22:27.194root 11241100x8000000000000000657316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbee5cbae2248862021-12-21 12:22:27.194root 11241100x8000000000000000657317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5e444634ecd66a2021-12-21 12:22:27.194root 11241100x8000000000000000657318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea2ce9d93001bd02021-12-21 12:22:27.194root 11241100x8000000000000000657319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0ba37dac6c31812021-12-21 12:22:27.194root 11241100x8000000000000000657320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dc82ae8935daef2021-12-21 12:22:27.194root 11241100x8000000000000000657321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a68203cac0dd3312021-12-21 12:22:27.194root 11241100x8000000000000000657322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f58d93164427192021-12-21 12:22:27.194root 11241100x8000000000000000657323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101e6f3b0417833f2021-12-21 12:22:27.194root 11241100x8000000000000000657324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17220761950c75ef2021-12-21 12:22:27.194root 11241100x8000000000000000657325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d15294eabe06ae52021-12-21 12:22:27.194root 11241100x8000000000000000657326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21444f7e60dca8c72021-12-21 12:22:27.194root 11241100x8000000000000000657327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63193e04d88061ba2021-12-21 12:22:27.194root 11241100x8000000000000000657328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3319f33e52110452021-12-21 12:22:27.194root 11241100x8000000000000000657329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308df909fef0e1512021-12-21 12:22:27.194root 11241100x8000000000000000657330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9588bb40c5e3d9a82021-12-21 12:22:27.195root 11241100x8000000000000000657331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63acbf18b5f231552021-12-21 12:22:27.195root 11241100x8000000000000000657332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce5f7c83f7cc33e2021-12-21 12:22:27.195root 11241100x8000000000000000657333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9207df1418b8cd2021-12-21 12:22:27.195root 11241100x8000000000000000657334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7147f06faea85b772021-12-21 12:22:27.195root 11241100x8000000000000000657335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688074db8a8785c42021-12-21 12:22:27.195root 11241100x8000000000000000657336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c7c0c2348fa4d62021-12-21 12:22:27.693root 11241100x8000000000000000657337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071a07a1eb601b832021-12-21 12:22:27.693root 11241100x8000000000000000657338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4544cd4ca0771f8a2021-12-21 12:22:27.693root 11241100x8000000000000000657339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f3bd0858ad41222021-12-21 12:22:27.693root 11241100x8000000000000000657340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5b84d294b7cbb12021-12-21 12:22:27.693root 11241100x8000000000000000657341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ca2bc1280f628d2021-12-21 12:22:27.693root 11241100x8000000000000000657342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c2a558b0a4b1f12021-12-21 12:22:27.693root 11241100x8000000000000000657343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9f7c3e00b05e242021-12-21 12:22:27.693root 11241100x8000000000000000657344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f428fd8700d3e532021-12-21 12:22:27.693root 11241100x8000000000000000657345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93750d31f152d36a2021-12-21 12:22:27.693root 11241100x8000000000000000657346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514cbd6f64d9b50d2021-12-21 12:22:27.693root 11241100x8000000000000000657347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f1e1edd21729212021-12-21 12:22:27.694root 11241100x8000000000000000657348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fff2e91432573772021-12-21 12:22:27.694root 11241100x8000000000000000657349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc51eabe581aca112021-12-21 12:22:27.694root 11241100x8000000000000000657350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d49c0228fab19c2021-12-21 12:22:27.694root 11241100x8000000000000000657351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d22e432c4a6ec42021-12-21 12:22:27.694root 11241100x8000000000000000657352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5289004bbfdcab2021-12-21 12:22:27.694root 11241100x8000000000000000657353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88d844bffcfe20a2021-12-21 12:22:27.694root 11241100x8000000000000000657354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864b0ff39f9db9af2021-12-21 12:22:27.694root 11241100x8000000000000000657355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5db89ecf15e6e72021-12-21 12:22:27.694root 11241100x8000000000000000657356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72daa17a265e43d92021-12-21 12:22:27.694root 11241100x8000000000000000657357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec0b5dfa9f1d4c42021-12-21 12:22:27.694root 11241100x8000000000000000657358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352fe9525d37e6e72021-12-21 12:22:27.695root 11241100x8000000000000000657359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500b800de4f9ae2c2021-12-21 12:22:27.695root 11241100x8000000000000000657360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3bdd56683fadd92021-12-21 12:22:28.193root 11241100x8000000000000000657361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de284ab62a6fac562021-12-21 12:22:28.194root 11241100x8000000000000000657362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951078b5ed1faef22021-12-21 12:22:28.194root 11241100x8000000000000000657363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573b2c3504785a2a2021-12-21 12:22:28.194root 11241100x8000000000000000657364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb481e69ffd508462021-12-21 12:22:28.194root 11241100x8000000000000000657365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4889bbc2bcd4aac2021-12-21 12:22:28.194root 11241100x8000000000000000657366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6b8bc18da55ceb2021-12-21 12:22:28.195root 11241100x8000000000000000657367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8a565b240f49602021-12-21 12:22:28.195root 11241100x8000000000000000657368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f573f6514941a9be2021-12-21 12:22:28.195root 11241100x8000000000000000657369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1f0c51c8c66de32021-12-21 12:22:28.195root 11241100x8000000000000000657370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b965b04300a4bcbb2021-12-21 12:22:28.195root 11241100x8000000000000000657371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b85cfda2d5159a2021-12-21 12:22:28.195root 11241100x8000000000000000657372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b227939d1411772021-12-21 12:22:28.195root 11241100x8000000000000000657373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374d604e8f41189f2021-12-21 12:22:28.196root 11241100x8000000000000000657374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e440d73275c8aa92021-12-21 12:22:28.196root 11241100x8000000000000000657375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d867d452060c3abb2021-12-21 12:22:28.196root 11241100x8000000000000000657376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762c25a833d890722021-12-21 12:22:28.196root 11241100x8000000000000000657377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d29912b34ee0c832021-12-21 12:22:28.196root 11241100x8000000000000000657378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fbd98a3b6599372021-12-21 12:22:28.196root 11241100x8000000000000000657379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a98502ab80937aa2021-12-21 12:22:28.196root 11241100x8000000000000000657380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b254dda01aaa4022021-12-21 12:22:28.196root 11241100x8000000000000000657381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbedac83516176872021-12-21 12:22:28.196root 11241100x8000000000000000657382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc183627283269fd2021-12-21 12:22:28.197root 11241100x8000000000000000657383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dd776fe9be51c42021-12-21 12:22:28.693root 11241100x8000000000000000657384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6272f964fc0dda1d2021-12-21 12:22:28.693root 11241100x8000000000000000657385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54aa654d9e2ac2d2021-12-21 12:22:28.693root 11241100x8000000000000000657386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031dabf71b7dc0912021-12-21 12:22:28.693root 11241100x8000000000000000657387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df165e80f536e3de2021-12-21 12:22:28.693root 11241100x8000000000000000657388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02989b9946838c282021-12-21 12:22:28.693root 11241100x8000000000000000657389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc412276cda9aa542021-12-21 12:22:28.694root 11241100x8000000000000000657390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0805399e076c041b2021-12-21 12:22:28.694root 11241100x8000000000000000657391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8754d858bcd08e2021-12-21 12:22:28.694root 11241100x8000000000000000657392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5794a6eb90f99e3b2021-12-21 12:22:28.694root 11241100x8000000000000000657393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baabc089133444792021-12-21 12:22:28.694root 11241100x8000000000000000657394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3baf7e6039d6900b2021-12-21 12:22:28.694root 11241100x8000000000000000657395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1550cde08f7be292021-12-21 12:22:28.694root 11241100x8000000000000000657396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0df8ec4bf2726542021-12-21 12:22:28.694root 11241100x8000000000000000657397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd0e3f21e9bf55f2021-12-21 12:22:28.694root 11241100x8000000000000000657398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b062d379198ea52021-12-21 12:22:28.694root 11241100x8000000000000000657399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c54845c7cca21402021-12-21 12:22:28.694root 11241100x8000000000000000657400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c336f790b857b7c2021-12-21 12:22:28.694root 11241100x8000000000000000657401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801ce4586db3664b2021-12-21 12:22:28.694root 11241100x8000000000000000657402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5790ee387f5315e2021-12-21 12:22:28.695root 11241100x8000000000000000657403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cafa23e573be152021-12-21 12:22:28.695root 11241100x8000000000000000657404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2be0e427e757fb42021-12-21 12:22:28.695root 11241100x8000000000000000657405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df93e2cb1586aab2021-12-21 12:22:28.695root 11241100x8000000000000000657406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce621f7077d62192021-12-21 12:22:29.193root 11241100x8000000000000000657407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62f3cb3508d297d2021-12-21 12:22:29.193root 11241100x8000000000000000657408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d689d66ab504c2342021-12-21 12:22:29.193root 11241100x8000000000000000657409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6ee57348d390402021-12-21 12:22:29.193root 11241100x8000000000000000657410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8882c4326c5fb5e2021-12-21 12:22:29.193root 11241100x8000000000000000657411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d64d529787710212021-12-21 12:22:29.193root 11241100x8000000000000000657412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cb97f16d89009a2021-12-21 12:22:29.193root 11241100x8000000000000000657413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce46ccc3973dd6cf2021-12-21 12:22:29.193root 11241100x8000000000000000657414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1a4a8d08b10eed2021-12-21 12:22:29.193root 11241100x8000000000000000657415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727f94f0efd969fd2021-12-21 12:22:29.193root 11241100x8000000000000000657416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4400ecf8249b5ee2021-12-21 12:22:29.193root 11241100x8000000000000000657417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb9362b5d85bad82021-12-21 12:22:29.193root 11241100x8000000000000000657418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc03f2b3e695d1b2021-12-21 12:22:29.194root 11241100x8000000000000000657419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd004ff2a8e920f2021-12-21 12:22:29.194root 11241100x8000000000000000657420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506d0bed003e6cd62021-12-21 12:22:29.194root 11241100x8000000000000000657421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb1e048282c981f2021-12-21 12:22:29.194root 11241100x8000000000000000657422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ac4c01c1ac97372021-12-21 12:22:29.194root 11241100x8000000000000000657423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0958a279e3c60ad2021-12-21 12:22:29.194root 11241100x8000000000000000657424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1083904af451fbc62021-12-21 12:22:29.195root 11241100x8000000000000000657425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752cf22a361053492021-12-21 12:22:29.195root 11241100x8000000000000000657426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cd80d2c4e913412021-12-21 12:22:29.195root 11241100x8000000000000000657427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81987c03579337752021-12-21 12:22:29.195root 11241100x8000000000000000657428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b86c8034c438a62021-12-21 12:22:29.195root 11241100x8000000000000000657429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb63850485176dc2021-12-21 12:22:29.693root 11241100x8000000000000000657430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dd92c4e80f8fae2021-12-21 12:22:29.694root 11241100x8000000000000000657431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b782a0136b118ea2021-12-21 12:22:29.694root 11241100x8000000000000000657432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50413c23a08d0d8b2021-12-21 12:22:29.694root 11241100x8000000000000000657433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ce5171f3fb8df32021-12-21 12:22:29.694root 11241100x8000000000000000657434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73adb3e5f23bf0f52021-12-21 12:22:29.694root 11241100x8000000000000000657435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849f3845e191bcd32021-12-21 12:22:29.694root 11241100x8000000000000000657436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c264eed87a8fd442021-12-21 12:22:29.695root 11241100x8000000000000000657437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc3f54998d8abfa2021-12-21 12:22:29.695root 11241100x8000000000000000657438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9028763994bbf8f02021-12-21 12:22:29.695root 11241100x8000000000000000657439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e68f75e193debd92021-12-21 12:22:29.695root 11241100x8000000000000000657440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a7c7fa0d2a59132021-12-21 12:22:29.695root 11241100x8000000000000000657441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba7dda23b6e63042021-12-21 12:22:29.695root 11241100x8000000000000000657442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2327fc4dbf03aac52021-12-21 12:22:29.695root 11241100x8000000000000000657443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87018e293e02c8982021-12-21 12:22:29.695root 11241100x8000000000000000657444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a91844b219c07f22021-12-21 12:22:29.695root 11241100x8000000000000000657445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab7d5a40fea8d6d2021-12-21 12:22:29.695root 11241100x8000000000000000657446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0786f0cd9bfe4cac2021-12-21 12:22:29.696root 11241100x8000000000000000657447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa02cc84cdace13c2021-12-21 12:22:29.696root 11241100x8000000000000000657448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc53782d5728d7e42021-12-21 12:22:29.696root 11241100x8000000000000000657449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccec3faa572c8f552021-12-21 12:22:29.696root 11241100x8000000000000000657450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be95d0060dd9bdeb2021-12-21 12:22:29.696root 11241100x8000000000000000657451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b00cfced3d120af2021-12-21 12:22:29.696root 11241100x8000000000000000657452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31aa4990e04046fb2021-12-21 12:22:30.193root 11241100x8000000000000000657453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4370b8d8244be0ee2021-12-21 12:22:30.193root 11241100x8000000000000000657454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6ad1e6065fc7372021-12-21 12:22:30.193root 11241100x8000000000000000657455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371d76fc338d98ad2021-12-21 12:22:30.193root 11241100x8000000000000000657456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c7543300b52f012021-12-21 12:22:30.193root 11241100x8000000000000000657457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81e88e2e2fc2df42021-12-21 12:22:30.193root 11241100x8000000000000000657458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c8f1c4084372e72021-12-21 12:22:30.193root 11241100x8000000000000000657459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392711f6397bfbab2021-12-21 12:22:30.193root 11241100x8000000000000000657460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422768a47d7016172021-12-21 12:22:30.193root 11241100x8000000000000000657461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590d3700f1040f102021-12-21 12:22:30.193root 11241100x8000000000000000657462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb3257d37dfe9bd2021-12-21 12:22:30.193root 11241100x8000000000000000657463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0c1746431744612021-12-21 12:22:30.193root 11241100x8000000000000000657464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b821d0d86bfb85d92021-12-21 12:22:30.193root 11241100x8000000000000000657465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb32d71cf37a98522021-12-21 12:22:30.193root 11241100x8000000000000000657466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a24b0d5cb9478f12021-12-21 12:22:30.194root 11241100x8000000000000000657467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408d2e778387672a2021-12-21 12:22:30.194root 11241100x8000000000000000657468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bccf25002f01ac2021-12-21 12:22:30.194root 11241100x8000000000000000657469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67db9a0a628bd8622021-12-21 12:22:30.194root 11241100x8000000000000000657470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c950695377252942021-12-21 12:22:30.194root 11241100x8000000000000000657471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5410a21fdc7bd0422021-12-21 12:22:30.194root 11241100x8000000000000000657472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894d4966a0e77ec92021-12-21 12:22:30.194root 11241100x8000000000000000657473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de0b5c9d400626c2021-12-21 12:22:30.194root 11241100x8000000000000000657474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffa4ab528c8a6a12021-12-21 12:22:30.194root 11241100x8000000000000000657475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7643eaea923a7e32021-12-21 12:22:30.194root 11241100x8000000000000000657476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b398d3cb6a5536cb2021-12-21 12:22:30.693root 11241100x8000000000000000657477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1687cc437ef8d4992021-12-21 12:22:30.694root 11241100x8000000000000000657478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc035f14b6b6f682021-12-21 12:22:30.694root 11241100x8000000000000000657479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82d2f8a06a51a172021-12-21 12:22:30.694root 11241100x8000000000000000657480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fcaa95e667490502021-12-21 12:22:30.694root 11241100x8000000000000000657481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9947bff808b3fa442021-12-21 12:22:30.694root 11241100x8000000000000000657482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843d5654693af6dd2021-12-21 12:22:30.694root 11241100x8000000000000000657483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961e9c5068f2e5da2021-12-21 12:22:30.694root 11241100x8000000000000000657484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57efa82c05cbad9b2021-12-21 12:22:30.694root 11241100x8000000000000000657485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587fe350de4b0eb02021-12-21 12:22:30.694root 11241100x8000000000000000657486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9234c711b70cc6f62021-12-21 12:22:30.694root 11241100x8000000000000000657487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f2cecafca647802021-12-21 12:22:30.694root 11241100x8000000000000000657488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986d563bb0b30b4b2021-12-21 12:22:30.695root 11241100x8000000000000000657489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b1c8309ed2cd892021-12-21 12:22:30.695root 11241100x8000000000000000657490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13806cdce5c2d6fe2021-12-21 12:22:30.695root 11241100x8000000000000000657491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fede9f1f9d74439f2021-12-21 12:22:30.695root 11241100x8000000000000000657492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031821ff1c59d1802021-12-21 12:22:30.695root 11241100x8000000000000000657493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c58ea5d2f1272012021-12-21 12:22:30.695root 11241100x8000000000000000657494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4996a1f2c9bbfd2021-12-21 12:22:30.695root 11241100x8000000000000000657495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c8d432600adfa12021-12-21 12:22:30.695root 11241100x8000000000000000657496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccba8f32c6af1e112021-12-21 12:22:30.695root 11241100x8000000000000000657497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7577ba845e17199b2021-12-21 12:22:30.695root 11241100x8000000000000000657498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c242cb3e268c762021-12-21 12:22:30.695root 354300x8000000000000000657499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.084{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49896-false10.0.1.12-8000- 11241100x8000000000000000657500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f2c2631b28a2ea2021-12-21 12:22:31.086root 11241100x8000000000000000657501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc96564b4710b852021-12-21 12:22:31.086root 11241100x8000000000000000657502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b03c493f8becb2c2021-12-21 12:22:31.086root 11241100x8000000000000000657503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c503a2a80b2c9f572021-12-21 12:22:31.086root 11241100x8000000000000000657504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea1d428e6a376112021-12-21 12:22:31.087root 11241100x8000000000000000657505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c981ad43bb14543e2021-12-21 12:22:31.087root 11241100x8000000000000000657506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825f49b1c15bd7ea2021-12-21 12:22:31.087root 11241100x8000000000000000657507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8f95ebeabde97a2021-12-21 12:22:31.087root 11241100x8000000000000000657508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384da192f1c85d5d2021-12-21 12:22:31.087root 11241100x8000000000000000657509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91455e2ab650d0892021-12-21 12:22:31.087root 11241100x8000000000000000657510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f27a5c02481165a2021-12-21 12:22:31.088root 11241100x8000000000000000657511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248db0afa75aae692021-12-21 12:22:31.088root 11241100x8000000000000000657512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961b46a5f81229122021-12-21 12:22:31.088root 11241100x8000000000000000657513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cd60cfab3d997f2021-12-21 12:22:31.088root 11241100x8000000000000000657514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f87df6d5adc396e2021-12-21 12:22:31.088root 11241100x8000000000000000657515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f2a4cb5a40a7a92021-12-21 12:22:31.088root 11241100x8000000000000000657516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48315b311f1ce7e42021-12-21 12:22:31.088root 11241100x8000000000000000657517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734d5d2fd3a108282021-12-21 12:22:31.089root 11241100x8000000000000000657518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2e026f44eddc482021-12-21 12:22:31.089root 11241100x8000000000000000657519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175fdb622adec90a2021-12-21 12:22:31.089root 11241100x8000000000000000657520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fb80a5a782ecc92021-12-21 12:22:31.089root 11241100x8000000000000000657521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6421c812ffe4bf4c2021-12-21 12:22:31.089root 11241100x8000000000000000657522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d57ef61aa87f2e2021-12-21 12:22:31.089root 11241100x8000000000000000657523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d674c0147332682021-12-21 12:22:31.089root 11241100x8000000000000000657524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f9511161be3bdb2021-12-21 12:22:31.443root 11241100x8000000000000000657525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4290302f8e9263f62021-12-21 12:22:31.443root 11241100x8000000000000000657526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a505af4a07af6b522021-12-21 12:22:31.443root 11241100x8000000000000000657527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a4adec0fdc4cfa2021-12-21 12:22:31.443root 11241100x8000000000000000657528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5eb31836f5bf562021-12-21 12:22:31.443root 11241100x8000000000000000657529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25394c98933b35b32021-12-21 12:22:31.443root 11241100x8000000000000000657530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48973c2c54b875452021-12-21 12:22:31.444root 11241100x8000000000000000657531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a1db628e80dce42021-12-21 12:22:31.444root 11241100x8000000000000000657532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b7ec2720bd21cb2021-12-21 12:22:31.444root 11241100x8000000000000000657533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad13da958cb955622021-12-21 12:22:31.444root 11241100x8000000000000000657534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5611275ed9fd8c712021-12-21 12:22:31.444root 11241100x8000000000000000657535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e657d015c4d4425c2021-12-21 12:22:31.444root 11241100x8000000000000000657536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bebd11f566c51a2021-12-21 12:22:31.444root 11241100x8000000000000000657537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b347b69f6c83bb2021-12-21 12:22:31.445root 11241100x8000000000000000657538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954f12fafb191b0d2021-12-21 12:22:31.445root 11241100x8000000000000000657539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4058fae08ca248482021-12-21 12:22:31.445root 11241100x8000000000000000657540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216cf8dc676a489f2021-12-21 12:22:31.445root 11241100x8000000000000000657541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fa35cbed66cc432021-12-21 12:22:31.445root 11241100x8000000000000000657542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1ffe0bf5128a4d2021-12-21 12:22:31.445root 11241100x8000000000000000657543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795ee177231d20942021-12-21 12:22:31.445root 11241100x8000000000000000657544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7f67c4c90e40572021-12-21 12:22:31.445root 11241100x8000000000000000657545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e0d3b4bb4363822021-12-21 12:22:31.445root 11241100x8000000000000000657546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cbf7323d84d2b92021-12-21 12:22:31.445root 11241100x8000000000000000657547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb2fbc9da4871c32021-12-21 12:22:31.446root 11241100x8000000000000000657548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf5f69452c962782021-12-21 12:22:31.943root 11241100x8000000000000000657549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27167737b1a1254a2021-12-21 12:22:31.943root 11241100x8000000000000000657550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcccf405a4fc5e692021-12-21 12:22:31.943root 11241100x8000000000000000657551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcdbee66aeac6c22021-12-21 12:22:31.943root 11241100x8000000000000000657552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8838e32bfaadb1ca2021-12-21 12:22:31.943root 11241100x8000000000000000657553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c15eca12027e8942021-12-21 12:22:31.943root 11241100x8000000000000000657554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79341d1c7df870b2021-12-21 12:22:31.943root 11241100x8000000000000000657555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb113297d6e7c9442021-12-21 12:22:31.943root 11241100x8000000000000000657556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8554ac1d2dbe24b12021-12-21 12:22:31.943root 11241100x8000000000000000657557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381821b21a9b39ff2021-12-21 12:22:31.943root 11241100x8000000000000000657558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d577535068e6fc2021-12-21 12:22:31.943root 11241100x8000000000000000657559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b08721daadea2842021-12-21 12:22:31.944root 11241100x8000000000000000657560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e586705930164d2021-12-21 12:22:31.944root 11241100x8000000000000000657561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8e77053c9b07e32021-12-21 12:22:31.944root 11241100x8000000000000000657562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2eee986a846477e2021-12-21 12:22:31.944root 11241100x8000000000000000657563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c943a282d18222bd2021-12-21 12:22:31.944root 11241100x8000000000000000657564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c023c49a7249a0712021-12-21 12:22:31.944root 11241100x8000000000000000657565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d8096e6d4b46ea2021-12-21 12:22:31.944root 11241100x8000000000000000657566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a111bbfec78a63592021-12-21 12:22:31.944root 11241100x8000000000000000657567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afbc25d45a4491d2021-12-21 12:22:31.944root 11241100x8000000000000000657568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8442fb39fc4c9552021-12-21 12:22:31.944root 11241100x8000000000000000657569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cafc759bf63bc82021-12-21 12:22:31.944root 11241100x8000000000000000657570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8154b27c061f4e6a2021-12-21 12:22:31.944root 11241100x8000000000000000657571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba01779a18c636a2021-12-21 12:22:31.944root 11241100x8000000000000000657572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868fce72e10942402021-12-21 12:22:31.944root 11241100x8000000000000000657573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ea306fc1b9bf7a2021-12-21 12:22:32.443root 11241100x8000000000000000657574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc5a76a289e16402021-12-21 12:22:32.443root 11241100x8000000000000000657575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1601b09cd9089a132021-12-21 12:22:32.443root 11241100x8000000000000000657576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd979f6e17072ecf2021-12-21 12:22:32.443root 11241100x8000000000000000657577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71eb77bbb96049d2021-12-21 12:22:32.443root 11241100x8000000000000000657578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5519f5cc8222472021-12-21 12:22:32.443root 11241100x8000000000000000657579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1771985401ceab2021-12-21 12:22:32.443root 11241100x8000000000000000657580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72351b048d52f5012021-12-21 12:22:32.443root 11241100x8000000000000000657581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe2d46c097fd0982021-12-21 12:22:32.443root 11241100x8000000000000000657582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2612714ca4e8c85e2021-12-21 12:22:32.443root 11241100x8000000000000000657583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e50e3612fd198d82021-12-21 12:22:32.444root 11241100x8000000000000000657584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a7750826a69d762021-12-21 12:22:32.444root 11241100x8000000000000000657585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97904111b42276a2021-12-21 12:22:32.444root 11241100x8000000000000000657586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c472e39aa9883782021-12-21 12:22:32.444root 11241100x8000000000000000657587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0ef63654800b412021-12-21 12:22:32.444root 11241100x8000000000000000657588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febc7ec0f0ee006d2021-12-21 12:22:32.444root 11241100x8000000000000000657589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7eb77f984f42052021-12-21 12:22:32.444root 11241100x8000000000000000657590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa807e60a16996862021-12-21 12:22:32.444root 11241100x8000000000000000657591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f0e199cd1dca162021-12-21 12:22:32.444root 11241100x8000000000000000657592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485972973ae222fd2021-12-21 12:22:32.444root 11241100x8000000000000000657593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007177d4ba7089362021-12-21 12:22:32.444root 11241100x8000000000000000657594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573cf6672fc685bd2021-12-21 12:22:32.444root 11241100x8000000000000000657595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076b03f620dbcd7a2021-12-21 12:22:32.444root 11241100x8000000000000000657596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc170cb7c5b5b7b72021-12-21 12:22:32.444root 11241100x8000000000000000657597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce851d573a4fc3422021-12-21 12:22:32.943root 11241100x8000000000000000657598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92eee4766afb679d2021-12-21 12:22:32.943root 11241100x8000000000000000657599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afa819e37d823ba2021-12-21 12:22:32.943root 11241100x8000000000000000657600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73774f86716e14e2021-12-21 12:22:32.943root 11241100x8000000000000000657601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fc2bcd96e593f22021-12-21 12:22:32.943root 11241100x8000000000000000657602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad34b596e77744662021-12-21 12:22:32.944root 11241100x8000000000000000657603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfda3cc8b74fbb72021-12-21 12:22:32.944root 11241100x8000000000000000657604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2e09db4b4ecbe92021-12-21 12:22:32.944root 11241100x8000000000000000657605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859048ad3f7de9e22021-12-21 12:22:32.944root 11241100x8000000000000000657606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7082689784ae7df2021-12-21 12:22:32.944root 11241100x8000000000000000657607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c56cb5e8ef1c492021-12-21 12:22:32.944root 11241100x8000000000000000657608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a22756117ad694b2021-12-21 12:22:32.944root 11241100x8000000000000000657609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd22de6e77da701b2021-12-21 12:22:32.944root 11241100x8000000000000000657610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabe28740fead6c72021-12-21 12:22:32.944root 11241100x8000000000000000657611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebd6abc562491692021-12-21 12:22:32.944root 11241100x8000000000000000657612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92f9f06bec9f5332021-12-21 12:22:32.944root 11241100x8000000000000000657613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ca15f522575c732021-12-21 12:22:32.945root 11241100x8000000000000000657614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f4b477b47f33dc2021-12-21 12:22:32.945root 11241100x8000000000000000657615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daff5cea8a5ea9082021-12-21 12:22:32.945root 11241100x8000000000000000657616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20913cff01112552021-12-21 12:22:32.945root 11241100x8000000000000000657617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5fd6edbcf413be2021-12-21 12:22:32.945root 11241100x8000000000000000657618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81994aabfae1a8fb2021-12-21 12:22:32.945root 11241100x8000000000000000657619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa74376705238542021-12-21 12:22:32.945root 11241100x8000000000000000657620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8ca792d4e303d72021-12-21 12:22:32.945root 11241100x8000000000000000657621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482bd6404e7b32702021-12-21 12:22:32.945root 11241100x8000000000000000657622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e0f6860991a6172021-12-21 12:22:32.945root 11241100x8000000000000000657623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fa93b2a545df5b2021-12-21 12:22:32.945root 11241100x8000000000000000657624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf4d2b61e4fa49a2021-12-21 12:22:32.945root 11241100x8000000000000000657625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4170e7eeddbd9dd2021-12-21 12:22:33.443root 11241100x8000000000000000657626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23ad288f105640f2021-12-21 12:22:33.443root 11241100x8000000000000000657627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a303755b0148d02021-12-21 12:22:33.443root 11241100x8000000000000000657628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68ceeb0c58ea8332021-12-21 12:22:33.443root 11241100x8000000000000000657629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3879a26c9ef03462021-12-21 12:22:33.443root 11241100x8000000000000000657630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c078088de7bfad892021-12-21 12:22:33.443root 11241100x8000000000000000657631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deb4abd94c20f0a2021-12-21 12:22:33.443root 11241100x8000000000000000657632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54bbbebc66d66e72021-12-21 12:22:33.444root 11241100x8000000000000000657633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708a18b82c7f10d92021-12-21 12:22:33.444root 11241100x8000000000000000657634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e347031838c660a42021-12-21 12:22:33.444root 11241100x8000000000000000657635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622d8501dca3fe252021-12-21 12:22:33.444root 11241100x8000000000000000657636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75641f2e54224cf2021-12-21 12:22:33.444root 11241100x8000000000000000657637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd5443c3088c6382021-12-21 12:22:33.444root 11241100x8000000000000000657638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3644829474c81f32021-12-21 12:22:33.444root 11241100x8000000000000000657639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7916941b8feedf212021-12-21 12:22:33.444root 11241100x8000000000000000657640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43edc925b77803672021-12-21 12:22:33.444root 11241100x8000000000000000657641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257e29b5f08aef062021-12-21 12:22:33.444root 11241100x8000000000000000657642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5cccb98d1014f62021-12-21 12:22:33.444root 11241100x8000000000000000657643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4050f5c910d39742021-12-21 12:22:33.444root 11241100x8000000000000000657644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f4af74f52251a22021-12-21 12:22:33.444root 11241100x8000000000000000657645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa692d81febdbfd2021-12-21 12:22:33.444root 11241100x8000000000000000657646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399bbc966b1bcb652021-12-21 12:22:33.444root 11241100x8000000000000000657647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66297c6967809372021-12-21 12:22:33.445root 11241100x8000000000000000657648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81990ca8f93f241b2021-12-21 12:22:33.445root 11241100x8000000000000000657649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44bd9141e34710e2021-12-21 12:22:33.943root 11241100x8000000000000000657650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079d4832e40141b32021-12-21 12:22:33.943root 11241100x8000000000000000657651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354ff0c3bc54ce8d2021-12-21 12:22:33.943root 11241100x8000000000000000657652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839620972119814a2021-12-21 12:22:33.943root 11241100x8000000000000000657653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f7701f1a7476b22021-12-21 12:22:33.943root 11241100x8000000000000000657654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a187a765211a61722021-12-21 12:22:33.943root 11241100x8000000000000000657655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aacee5c908b1b732021-12-21 12:22:33.943root 11241100x8000000000000000657656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337818e7be8f95c82021-12-21 12:22:33.944root 11241100x8000000000000000657657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e69ee09b99e23f52021-12-21 12:22:33.944root 11241100x8000000000000000657658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2a73581587920d2021-12-21 12:22:33.944root 11241100x8000000000000000657659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ce8af3f303dae12021-12-21 12:22:33.944root 11241100x8000000000000000657660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9795365ca8826752021-12-21 12:22:33.944root 11241100x8000000000000000657661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a966b9d7066c2312021-12-21 12:22:33.944root 11241100x8000000000000000657662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56a26ccc44f4e632021-12-21 12:22:33.944root 11241100x8000000000000000657663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb508f4da7ea433f2021-12-21 12:22:33.944root 11241100x8000000000000000657664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad4caab4a8ca9242021-12-21 12:22:33.944root 11241100x8000000000000000657665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63222a800557aa312021-12-21 12:22:33.944root 11241100x8000000000000000657666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c896bedfab9a062e2021-12-21 12:22:33.944root 11241100x8000000000000000657667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf89a32aae878fa2021-12-21 12:22:33.944root 11241100x8000000000000000657668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b684123aef3f3962021-12-21 12:22:33.944root 11241100x8000000000000000657669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164773a9c1b6bc292021-12-21 12:22:33.944root 11241100x8000000000000000657670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aba4febc8606fa72021-12-21 12:22:33.944root 11241100x8000000000000000657671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede7f5ace815b42f2021-12-21 12:22:33.944root 11241100x8000000000000000657672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f8fbc8a8fce4b52021-12-21 12:22:33.945root 11241100x8000000000000000657673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9a264bdfa43e312021-12-21 12:22:33.945root 11241100x8000000000000000657674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4094b98809f3512021-12-21 12:22:34.443root 11241100x8000000000000000657675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431100e36c2cd7902021-12-21 12:22:34.443root 11241100x8000000000000000657676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e1a86477e1178a2021-12-21 12:22:34.443root 11241100x8000000000000000657677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33fc1f79626f2ad2021-12-21 12:22:34.443root 11241100x8000000000000000657678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01244feae0004112021-12-21 12:22:34.443root 11241100x8000000000000000657679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef855d583e0d85ad2021-12-21 12:22:34.443root 11241100x8000000000000000657680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c493a2c3a97d182021-12-21 12:22:34.444root 11241100x8000000000000000657681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921443286ecf17482021-12-21 12:22:34.444root 11241100x8000000000000000657682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63be56cfb44637a72021-12-21 12:22:34.444root 11241100x8000000000000000657683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0701b680d8eb7b112021-12-21 12:22:34.444root 11241100x8000000000000000657684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6eff31d553f75e2021-12-21 12:22:34.444root 11241100x8000000000000000657685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebde2f8451efba12021-12-21 12:22:34.444root 11241100x8000000000000000657686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a958df3243ee61a2021-12-21 12:22:34.444root 11241100x8000000000000000657687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1d9f5a6f0476f22021-12-21 12:22:34.444root 11241100x8000000000000000657688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3b108b6a257b212021-12-21 12:22:34.444root 11241100x8000000000000000657689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d774e0a87e4ee3b2021-12-21 12:22:34.444root 11241100x8000000000000000657690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4ebf7f1d023c3f2021-12-21 12:22:34.444root 11241100x8000000000000000657691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd768d6d202a65062021-12-21 12:22:34.444root 11241100x8000000000000000657692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22e2b9194a3be042021-12-21 12:22:34.444root 11241100x8000000000000000657693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b8f6977ece0a542021-12-21 12:22:34.444root 11241100x8000000000000000657694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c136415acceeea2021-12-21 12:22:34.444root 11241100x8000000000000000657695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d230ca8be3a6802021-12-21 12:22:34.445root 11241100x8000000000000000657696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b388cbc0083e72a2021-12-21 12:22:34.445root 11241100x8000000000000000657697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcf5f541097f3752021-12-21 12:22:34.445root 11241100x8000000000000000657698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9340c782dabcf5412021-12-21 12:22:34.943root 11241100x8000000000000000657699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f294ea6bc43297932021-12-21 12:22:34.943root 11241100x8000000000000000657700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e152882e351c2552021-12-21 12:22:34.943root 11241100x8000000000000000657701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d2ce7e744c7f132021-12-21 12:22:34.943root 11241100x8000000000000000657702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b23a9bb49d7eec2021-12-21 12:22:34.944root 11241100x8000000000000000657703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920884636efa03e72021-12-21 12:22:34.944root 11241100x8000000000000000657704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba02f8ac9e91f772021-12-21 12:22:34.944root 11241100x8000000000000000657705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54977d47471f646d2021-12-21 12:22:34.944root 11241100x8000000000000000657706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df4c05e451e0e132021-12-21 12:22:34.944root 11241100x8000000000000000657707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839708f2a2f0c4022021-12-21 12:22:34.944root 11241100x8000000000000000657708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0e8df4f62941a62021-12-21 12:22:34.944root 11241100x8000000000000000657709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85fff0b1119bc092021-12-21 12:22:34.944root 11241100x8000000000000000657710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c582dc2519b68d6d2021-12-21 12:22:34.944root 11241100x8000000000000000657711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103949fab338515c2021-12-21 12:22:34.944root 11241100x8000000000000000657712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae83ef2cd45a8a202021-12-21 12:22:34.944root 11241100x8000000000000000657713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d4aece13fb8ab52021-12-21 12:22:34.944root 11241100x8000000000000000657714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e318bd2497f1276d2021-12-21 12:22:34.944root 11241100x8000000000000000657715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df847c2e173e9f3a2021-12-21 12:22:34.944root 11241100x8000000000000000657716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698b29e9830de4a72021-12-21 12:22:34.945root 11241100x8000000000000000657717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5645c2bb207d872021-12-21 12:22:34.945root 11241100x8000000000000000657718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44483834a389d1282021-12-21 12:22:34.945root 11241100x8000000000000000657719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c626cac0cf9e4f2021-12-21 12:22:34.945root 11241100x8000000000000000657720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733d435a7e8bcc822021-12-21 12:22:34.945root 11241100x8000000000000000657721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0369d7e61978b72021-12-21 12:22:34.945root 11241100x8000000000000000657722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888c4b388f74dfca2021-12-21 12:22:35.443root 11241100x8000000000000000657723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562fb5c95b24e63a2021-12-21 12:22:35.443root 11241100x8000000000000000657724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32b1fb5b00ce3912021-12-21 12:22:35.443root 11241100x8000000000000000657725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bf0a114867eae42021-12-21 12:22:35.443root 11241100x8000000000000000657726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90b7a27e53bc30e2021-12-21 12:22:35.443root 11241100x8000000000000000657727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79a8dfa67e2a78e2021-12-21 12:22:35.443root 11241100x8000000000000000657728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ebbb0f5fbb82da2021-12-21 12:22:35.443root 11241100x8000000000000000657729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f69a8b605cc6f02021-12-21 12:22:35.443root 11241100x8000000000000000657730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139ace6c7623896c2021-12-21 12:22:35.444root 11241100x8000000000000000657731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7873ba769fafa7732021-12-21 12:22:35.444root 11241100x8000000000000000657732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b83e2b06985ac82021-12-21 12:22:35.444root 11241100x8000000000000000657733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61694434ed1128062021-12-21 12:22:35.444root 11241100x8000000000000000657734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aaba1d0f0e873612021-12-21 12:22:35.444root 11241100x8000000000000000657735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bd5982d635408d2021-12-21 12:22:35.444root 11241100x8000000000000000657736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39863163483219552021-12-21 12:22:35.444root 11241100x8000000000000000657737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78e83df86b769372021-12-21 12:22:35.445root 11241100x8000000000000000657738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58eda5ce0bb160a12021-12-21 12:22:35.445root 11241100x8000000000000000657739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ed21b2a2bc19d42021-12-21 12:22:35.445root 11241100x8000000000000000657740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a53e2d510ef2f4d2021-12-21 12:22:35.445root 11241100x8000000000000000657741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a508312f704eb0c2021-12-21 12:22:35.445root 11241100x8000000000000000657742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4286d345219f58a12021-12-21 12:22:35.445root 11241100x8000000000000000657743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c32f26cae095a72021-12-21 12:22:35.445root 11241100x8000000000000000657744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acff8c4324891d252021-12-21 12:22:35.445root 11241100x8000000000000000657745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f5ae9fe4404be92021-12-21 12:22:35.446root 11241100x8000000000000000657746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6978c2b64e53ca2b2021-12-21 12:22:35.446root 11241100x8000000000000000657747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b579386641dc26542021-12-21 12:22:35.943root 11241100x8000000000000000657748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70bc44a365d782d2021-12-21 12:22:35.944root 11241100x8000000000000000657749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b514e63dd6d41a52021-12-21 12:22:35.944root 11241100x8000000000000000657750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d68141384e29d42021-12-21 12:22:35.944root 11241100x8000000000000000657751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad204700061da2162021-12-21 12:22:35.944root 11241100x8000000000000000657752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be1c049c13ffaa92021-12-21 12:22:35.944root 11241100x8000000000000000657753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dae6f8fd959f5ba2021-12-21 12:22:35.945root 11241100x8000000000000000657754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17456478a570fd482021-12-21 12:22:35.945root 11241100x8000000000000000657755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7469857210b024c2021-12-21 12:22:35.945root 11241100x8000000000000000657756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c8db0a6b08e74b2021-12-21 12:22:35.945root 11241100x8000000000000000657757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a7f035c5d109142021-12-21 12:22:35.945root 11241100x8000000000000000657758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4182913b25dae62021-12-21 12:22:35.945root 11241100x8000000000000000657759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdebc6599917213c2021-12-21 12:22:35.945root 11241100x8000000000000000657760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87eeae7e2b5272292021-12-21 12:22:35.945root 11241100x8000000000000000657761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4daece7893e464ec2021-12-21 12:22:35.945root 11241100x8000000000000000657762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63d6c9b51e9dbdd2021-12-21 12:22:35.945root 11241100x8000000000000000657763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3824c7f5228ec99e2021-12-21 12:22:35.945root 11241100x8000000000000000657764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2683b58e24a3062021-12-21 12:22:35.946root 11241100x8000000000000000657765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528a267ce1ef50a62021-12-21 12:22:35.946root 11241100x8000000000000000657766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10d6afc180a43612021-12-21 12:22:35.946root 11241100x8000000000000000657767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1e8704306d78212021-12-21 12:22:35.946root 11241100x8000000000000000657768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e2c4292c63be402021-12-21 12:22:35.946root 11241100x8000000000000000657769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d984618296944cd2021-12-21 12:22:35.946root 11241100x8000000000000000657770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92f057f9dc2f2a62021-12-21 12:22:35.946root 354300x8000000000000000657771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.127{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49898-false10.0.1.12-8000- 11241100x8000000000000000657772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.141{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:22:36.141root 11241100x8000000000000000657773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d42fd13bbbfa3f2021-12-21 12:22:36.443root 11241100x8000000000000000657774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f78c4523c9d24112021-12-21 12:22:36.443root 11241100x8000000000000000657775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae75de7dd92f4642021-12-21 12:22:36.443root 11241100x8000000000000000657776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2517b8eb9aff6a62021-12-21 12:22:36.443root 11241100x8000000000000000657777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc612d8515d3efe2021-12-21 12:22:36.444root 11241100x8000000000000000657778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1805efc6e170222021-12-21 12:22:36.444root 11241100x8000000000000000657779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34e9da0b99fc5782021-12-21 12:22:36.444root 11241100x8000000000000000657780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a997398e1b1e4f2021-12-21 12:22:36.444root 11241100x8000000000000000657781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba9b663dfdd00db2021-12-21 12:22:36.444root 11241100x8000000000000000657782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937b6c05d7af98f72021-12-21 12:22:36.444root 11241100x8000000000000000657783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9113f8a4a290aa062021-12-21 12:22:36.444root 11241100x8000000000000000657784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d29da61587c6be2021-12-21 12:22:36.444root 11241100x8000000000000000657785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b443226485600322021-12-21 12:22:36.444root 11241100x8000000000000000657786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7399e285515e4852021-12-21 12:22:36.444root 11241100x8000000000000000657787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50aa2a7110b7b0f82021-12-21 12:22:36.444root 11241100x8000000000000000657788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fd7503ef4c36c52021-12-21 12:22:36.444root 11241100x8000000000000000657789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e05e1f866df0792021-12-21 12:22:36.444root 11241100x8000000000000000657790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0bf18da54538302021-12-21 12:22:36.444root 11241100x8000000000000000657791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a971679bf1a0ec9a2021-12-21 12:22:36.444root 11241100x8000000000000000657792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0479f6a9b8660e142021-12-21 12:22:36.445root 11241100x8000000000000000657793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f3b159610f2a632021-12-21 12:22:36.445root 11241100x8000000000000000657794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a490489ead6e9912021-12-21 12:22:36.445root 11241100x8000000000000000657795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad1b42b5670bd342021-12-21 12:22:36.445root 11241100x8000000000000000657796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb35b73ef774dbd2021-12-21 12:22:36.445root 11241100x8000000000000000657797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53abb2f780979d722021-12-21 12:22:36.445root 11241100x8000000000000000657798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378ee6eeb293856b2021-12-21 12:22:36.445root 11241100x8000000000000000657799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d053d9126003a1252021-12-21 12:22:36.943root 11241100x8000000000000000657800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb14853ddf8dde5b2021-12-21 12:22:36.943root 11241100x8000000000000000657801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a342f217433cce802021-12-21 12:22:36.943root 11241100x8000000000000000657802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea46a531adcee182021-12-21 12:22:36.943root 11241100x8000000000000000657803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2192c2a43784e4ed2021-12-21 12:22:36.943root 11241100x8000000000000000657804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70951e2875ad7ec2021-12-21 12:22:36.943root 11241100x8000000000000000657805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7275cdc878c8831a2021-12-21 12:22:36.944root 11241100x8000000000000000657806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7959a10af7b27e2021-12-21 12:22:36.944root 11241100x8000000000000000657807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e49ea553681a3b32021-12-21 12:22:36.944root 11241100x8000000000000000657808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17870c484e9cbc5e2021-12-21 12:22:36.944root 11241100x8000000000000000657809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f12188c6dfcb732021-12-21 12:22:36.944root 11241100x8000000000000000657810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a58b3ec7d0c8a002021-12-21 12:22:36.944root 11241100x8000000000000000657811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a5445c74914ddc2021-12-21 12:22:36.944root 11241100x8000000000000000657812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba4058c908754492021-12-21 12:22:36.944root 11241100x8000000000000000657813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053796918dc61bb22021-12-21 12:22:36.944root 11241100x8000000000000000657814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e557b473bbe9b8312021-12-21 12:22:36.944root 11241100x8000000000000000657815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e574ebc367a0d7c62021-12-21 12:22:36.944root 11241100x8000000000000000657816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcd449aa9872a122021-12-21 12:22:36.944root 11241100x8000000000000000657817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db2959df802fadf2021-12-21 12:22:36.945root 11241100x8000000000000000657818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661675079616e0ac2021-12-21 12:22:36.945root 11241100x8000000000000000657819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ecce2946e826822021-12-21 12:22:36.945root 11241100x8000000000000000657820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6ee8778ca61e712021-12-21 12:22:36.945root 11241100x8000000000000000657821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52efbb725051bf062021-12-21 12:22:36.945root 11241100x8000000000000000657822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156bf21db4c115562021-12-21 12:22:36.945root 11241100x8000000000000000657823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4780a587367f76142021-12-21 12:22:36.945root 11241100x8000000000000000657824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed680f0beaa29a62021-12-21 12:22:36.945root 11241100x8000000000000000657825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e81a862be8a51402021-12-21 12:22:36.945root 11241100x8000000000000000657826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc56c8e4566b32e2021-12-21 12:22:36.945root 11241100x8000000000000000657827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afdbe0d3755e3652021-12-21 12:22:36.945root 11241100x8000000000000000657828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9acae49584c14872021-12-21 12:22:36.945root 11241100x8000000000000000657829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfeb08174701ac82021-12-21 12:22:36.945root 11241100x8000000000000000657830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b8d313b6b47e182021-12-21 12:22:36.945root 11241100x8000000000000000657831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b2ad0dcf04d4af2021-12-21 12:22:36.946root 11241100x8000000000000000657832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f0dc304898f26b2021-12-21 12:22:36.946root 11241100x8000000000000000657833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085f219841c8108c2021-12-21 12:22:36.946root 11241100x8000000000000000657834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a395ab3b7cef80d2021-12-21 12:22:36.946root 11241100x8000000000000000657835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae735cd08d2c8922021-12-21 12:22:36.946root 11241100x8000000000000000657836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d1cb580734bef72021-12-21 12:22:36.946root 11241100x8000000000000000657837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd55c36772518c42021-12-21 12:22:36.946root 11241100x8000000000000000657838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950ae23fba54013e2021-12-21 12:22:36.946root 11241100x8000000000000000657839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bde6be7ab2ba902021-12-21 12:22:36.946root 11241100x8000000000000000657840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189475b9bb8e9f202021-12-21 12:22:36.946root 11241100x8000000000000000657841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3743e1a05ad6312021-12-21 12:22:36.947root 11241100x8000000000000000657842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cf0bae05a706722021-12-21 12:22:36.947root 11241100x8000000000000000657843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c075c478020940d2021-12-21 12:22:36.947root 11241100x8000000000000000657844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938e71d0934923512021-12-21 12:22:36.947root 11241100x8000000000000000657845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0044089dd81c3e132021-12-21 12:22:36.947root 11241100x8000000000000000657846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e896748bb5e1792021-12-21 12:22:36.947root 11241100x8000000000000000657847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67eaf73ab6ad8e32021-12-21 12:22:36.947root 11241100x8000000000000000657848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e04ccef5fb63c82021-12-21 12:22:36.947root 11241100x8000000000000000657849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:36.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6109c26cc1b891c2021-12-21 12:22:36.947root 11241100x8000000000000000657850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4edeeebf4a3dd32021-12-21 12:22:37.443root 11241100x8000000000000000657851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a2509635c41ed32021-12-21 12:22:37.443root 11241100x8000000000000000657852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8913d6f664b6ca02021-12-21 12:22:37.443root 11241100x8000000000000000657853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f19111f3680ccb2021-12-21 12:22:37.443root 11241100x8000000000000000657854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b89bde876ca81ab2021-12-21 12:22:37.443root 11241100x8000000000000000657855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9ac3caa377c3e92021-12-21 12:22:37.443root 11241100x8000000000000000657856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092b37c85018c4a72021-12-21 12:22:37.443root 11241100x8000000000000000657857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ae2e4a74b4b6bd2021-12-21 12:22:37.443root 11241100x8000000000000000657858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae73d3b57fc857e82021-12-21 12:22:37.443root 11241100x8000000000000000657859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097ad2f5643c05252021-12-21 12:22:37.443root 11241100x8000000000000000657860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e158b68e1b549e2021-12-21 12:22:37.444root 11241100x8000000000000000657861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de01c8c52b10b852021-12-21 12:22:37.444root 11241100x8000000000000000657862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69794cdc5b2cb542021-12-21 12:22:37.444root 11241100x8000000000000000657863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db95d02aa6249ca2021-12-21 12:22:37.444root 11241100x8000000000000000657864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa64e79c9605774c2021-12-21 12:22:37.444root 11241100x8000000000000000657865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9740040ad29f38dc2021-12-21 12:22:37.444root 11241100x8000000000000000657866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364b110090e8a9582021-12-21 12:22:37.444root 11241100x8000000000000000657867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed212dc8b84585b2021-12-21 12:22:37.445root 11241100x8000000000000000657868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93a04e988ce1aad2021-12-21 12:22:37.445root 11241100x8000000000000000657869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41dcc480121f4c52021-12-21 12:22:37.445root 11241100x8000000000000000657870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bfd7cab827481e2021-12-21 12:22:37.445root 11241100x8000000000000000657871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574215cc260d00892021-12-21 12:22:37.446root 11241100x8000000000000000657872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db1478c6bbae5d32021-12-21 12:22:37.446root 11241100x8000000000000000657873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1462213753bf16c32021-12-21 12:22:37.446root 11241100x8000000000000000657874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6bcf00c851e3232021-12-21 12:22:37.446root 11241100x8000000000000000657875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd910daa864570c2021-12-21 12:22:37.446root 11241100x8000000000000000657876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdb591e98fffc592021-12-21 12:22:37.447root 11241100x8000000000000000657877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab5cb62b62f21702021-12-21 12:22:37.447root 11241100x8000000000000000657878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb2a813cdde68c62021-12-21 12:22:37.447root 11241100x8000000000000000657879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bc88f8564934152021-12-21 12:22:37.447root 11241100x8000000000000000657880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dac3b0e6f9abc062021-12-21 12:22:37.447root 11241100x8000000000000000657881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fd694e6d5911272021-12-21 12:22:37.447root 11241100x8000000000000000657882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfc95c124ff91572021-12-21 12:22:37.447root 11241100x8000000000000000657883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be61968851c07b3d2021-12-21 12:22:37.447root 11241100x8000000000000000657884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc94102befeb53de2021-12-21 12:22:37.447root 11241100x8000000000000000657885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d48b0f921f1abce2021-12-21 12:22:37.448root 11241100x8000000000000000657886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9559133fc025aedf2021-12-21 12:22:37.448root 11241100x8000000000000000657887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a84c25900208992021-12-21 12:22:37.449root 11241100x8000000000000000657888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fd75f6800c420b2021-12-21 12:22:37.449root 11241100x8000000000000000657889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d48d8fd3e02b8d22021-12-21 12:22:37.449root 11241100x8000000000000000657890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5072802f4efcc41a2021-12-21 12:22:37.449root 11241100x8000000000000000657891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3af692c21a56502021-12-21 12:22:37.449root 11241100x8000000000000000657892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4042c9f450e7362021-12-21 12:22:37.450root 11241100x8000000000000000657893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acd63ce8fe3030c2021-12-21 12:22:37.450root 11241100x8000000000000000657894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d32ab29e30039aa2021-12-21 12:22:37.943root 11241100x8000000000000000657895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8adc944ca12b9022021-12-21 12:22:37.943root 11241100x8000000000000000657896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2bcabd9a0689bf2021-12-21 12:22:37.943root 11241100x8000000000000000657897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11cd6774dfc9de72021-12-21 12:22:37.943root 11241100x8000000000000000657898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901fcb43b9ac0b2c2021-12-21 12:22:37.943root 11241100x8000000000000000657899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dac4d65794577ad2021-12-21 12:22:37.944root 11241100x8000000000000000657900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0d4260270d6de62021-12-21 12:22:37.944root 11241100x8000000000000000657901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606d40c0968f1c8c2021-12-21 12:22:37.944root 11241100x8000000000000000657902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f006263d7027612021-12-21 12:22:37.944root 11241100x8000000000000000657903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661e8c35cf1590432021-12-21 12:22:37.944root 11241100x8000000000000000657904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c48cf447e7ba4272021-12-21 12:22:37.944root 11241100x8000000000000000657905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a621733643b50c82021-12-21 12:22:37.944root 11241100x8000000000000000657906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cf88d8181b42292021-12-21 12:22:37.944root 11241100x8000000000000000657907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bb0675599d17502021-12-21 12:22:37.945root 11241100x8000000000000000657908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8eee6b7f7774a42021-12-21 12:22:37.945root 11241100x8000000000000000657909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a0a05b5d872f242021-12-21 12:22:37.945root 11241100x8000000000000000657910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b6f6edfffd8f342021-12-21 12:22:37.945root 11241100x8000000000000000657911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1823b5341384b13d2021-12-21 12:22:37.945root 11241100x8000000000000000657912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9be7926706bd6072021-12-21 12:22:37.945root 11241100x8000000000000000657913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cecf3f4caf59dba2021-12-21 12:22:37.945root 11241100x8000000000000000657914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b689c6e4606e8432021-12-21 12:22:37.945root 11241100x8000000000000000657915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4bcfcb34e7a02b2021-12-21 12:22:37.945root 11241100x8000000000000000657916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba5e9ac4bdc5bf32021-12-21 12:22:37.945root 11241100x8000000000000000657917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585651b4c97b47f52021-12-21 12:22:37.946root 11241100x8000000000000000657918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90764d0b5cf06bab2021-12-21 12:22:37.946root 11241100x8000000000000000657919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce249e9302af419f2021-12-21 12:22:37.946root 11241100x8000000000000000657920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7c652b1fdfa41d2021-12-21 12:22:38.443root 11241100x8000000000000000657921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444b64419e83ca842021-12-21 12:22:38.443root 11241100x8000000000000000657922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcd1327e37da38a2021-12-21 12:22:38.443root 11241100x8000000000000000657923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2c472026cf30052021-12-21 12:22:38.443root 11241100x8000000000000000657924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e110942843f1da852021-12-21 12:22:38.444root 11241100x8000000000000000657925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7695f7748536d1c62021-12-21 12:22:38.444root 11241100x8000000000000000657926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fdd64a05744de32021-12-21 12:22:38.444root 11241100x8000000000000000657927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb779e07e9366e8c2021-12-21 12:22:38.444root 11241100x8000000000000000657928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261e9edc269095c72021-12-21 12:22:38.444root 11241100x8000000000000000657929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0990a947eea3d80c2021-12-21 12:22:38.445root 11241100x8000000000000000657930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425120d98f35fc4b2021-12-21 12:22:38.445root 11241100x8000000000000000657931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e8da8b26f72d982021-12-21 12:22:38.445root 11241100x8000000000000000657932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25eca497ceeed7202021-12-21 12:22:38.445root 11241100x8000000000000000657933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39608e46b805f802021-12-21 12:22:38.445root 11241100x8000000000000000657934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabc6b4e8fa295172021-12-21 12:22:38.445root 11241100x8000000000000000657935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a926fc1970c631b2021-12-21 12:22:38.446root 11241100x8000000000000000657936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fad7881c5ca0c92021-12-21 12:22:38.446root 11241100x8000000000000000657937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ef5e351fc0b7a42021-12-21 12:22:38.446root 11241100x8000000000000000657938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d0d5061edcf2492021-12-21 12:22:38.446root 11241100x8000000000000000657939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ea7248a9f127f42021-12-21 12:22:38.446root 11241100x8000000000000000657940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8877af8cab93a1842021-12-21 12:22:38.446root 11241100x8000000000000000657941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1823e88c77dc6d42021-12-21 12:22:38.446root 11241100x8000000000000000657942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a99af29f52e40052021-12-21 12:22:38.446root 11241100x8000000000000000657943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d172b677236ae82021-12-21 12:22:38.446root 11241100x8000000000000000657944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7feb130296aae602021-12-21 12:22:38.447root 11241100x8000000000000000657945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b04f84267b31772021-12-21 12:22:38.447root 11241100x8000000000000000657946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c366a7ae9e30cde2021-12-21 12:22:38.943root 11241100x8000000000000000657947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb67e5a8d7872782021-12-21 12:22:38.943root 11241100x8000000000000000657948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165aa982e06339812021-12-21 12:22:38.943root 11241100x8000000000000000657949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a5f847914748b22021-12-21 12:22:38.943root 11241100x8000000000000000657950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d2e462a83fcf362021-12-21 12:22:38.943root 11241100x8000000000000000657951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723ed939d3d6998a2021-12-21 12:22:38.943root 11241100x8000000000000000657952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ee0df6f89d16ae2021-12-21 12:22:38.943root 11241100x8000000000000000657953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8edd6c921ef95e2021-12-21 12:22:38.943root 11241100x8000000000000000657954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee44117db2521572021-12-21 12:22:38.944root 11241100x8000000000000000657955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd97575005d3f032021-12-21 12:22:38.944root 11241100x8000000000000000657956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee64758c8337f852021-12-21 12:22:38.944root 11241100x8000000000000000657957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660c36cdb6e82b832021-12-21 12:22:38.944root 11241100x8000000000000000657958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7267cc8a3ecd1182021-12-21 12:22:38.944root 11241100x8000000000000000657959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b6b2312f728dbf2021-12-21 12:22:38.944root 11241100x8000000000000000657960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e1d46f8e2896012021-12-21 12:22:38.944root 11241100x8000000000000000657961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199c0d63dfbd06f42021-12-21 12:22:38.944root 11241100x8000000000000000657962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72be0953d86b16a2021-12-21 12:22:38.944root 11241100x8000000000000000657963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327f9846c7b81a002021-12-21 12:22:38.944root 11241100x8000000000000000657964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ce313f4e9f2cb02021-12-21 12:22:38.944root 11241100x8000000000000000657965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31230507ee5b63c2021-12-21 12:22:38.945root 11241100x8000000000000000657966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f4bdd1181fbd6e2021-12-21 12:22:38.945root 11241100x8000000000000000657967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5f54d38db8b17a2021-12-21 12:22:38.945root 11241100x8000000000000000657968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e272032acc4ded52021-12-21 12:22:38.945root 11241100x8000000000000000657969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a9d9f1cb31eabd2021-12-21 12:22:38.945root 11241100x8000000000000000657970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39b52dd963713a22021-12-21 12:22:38.945root 11241100x8000000000000000657971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fecf32a66574f62021-12-21 12:22:38.945root 11241100x8000000000000000657972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d78152a76225ff2021-12-21 12:22:38.945root 11241100x8000000000000000657973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef0774f2173a7542021-12-21 12:22:38.946root 11241100x8000000000000000657974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860bdc530e6168352021-12-21 12:22:38.946root 11241100x8000000000000000657975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83115cc2177f6882021-12-21 12:22:38.946root 11241100x8000000000000000657976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee54a2c5e45c9dec2021-12-21 12:22:38.946root 11241100x8000000000000000657977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6addf758cdf128be2021-12-21 12:22:38.947root 11241100x8000000000000000657978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b608497855ce19b82021-12-21 12:22:38.947root 11241100x8000000000000000657979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7f11aa3aa0ff272021-12-21 12:22:38.947root 11241100x8000000000000000657980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683600e10f2018a32021-12-21 12:22:38.947root 11241100x8000000000000000657981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266c92364a3066542021-12-21 12:22:39.443root 11241100x8000000000000000657982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac65e87c67b44f62021-12-21 12:22:39.443root 11241100x8000000000000000657983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0382c80f7b1c8b382021-12-21 12:22:39.443root 11241100x8000000000000000657984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadd1abe7ec2e02b2021-12-21 12:22:39.443root 11241100x8000000000000000657985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c2c26ff0d319812021-12-21 12:22:39.443root 11241100x8000000000000000657986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf92bb511060ef72021-12-21 12:22:39.444root 11241100x8000000000000000657987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bcd60f19a5c48a2021-12-21 12:22:39.444root 11241100x8000000000000000657988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789b528bc1d6b57c2021-12-21 12:22:39.444root 11241100x8000000000000000657989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeae350f5e8be8fa2021-12-21 12:22:39.444root 11241100x8000000000000000657990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0113b287abf817b32021-12-21 12:22:39.444root 11241100x8000000000000000657991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d0a9e18adfa8c22021-12-21 12:22:39.444root 11241100x8000000000000000657992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6367df9475c7d69b2021-12-21 12:22:39.444root 11241100x8000000000000000657993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38862d616731139f2021-12-21 12:22:39.444root 11241100x8000000000000000657994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0c3da2b0849d6c2021-12-21 12:22:39.444root 11241100x8000000000000000657995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a2fee031a0e1c62021-12-21 12:22:39.444root 11241100x8000000000000000657996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a9950bf95101ad2021-12-21 12:22:39.444root 11241100x8000000000000000657997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a724e91e2282a12021-12-21 12:22:39.444root 11241100x8000000000000000657998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bd57f7e461658f2021-12-21 12:22:39.444root 11241100x8000000000000000657999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b243b7f0a90c13d2021-12-21 12:22:39.444root 11241100x8000000000000000658000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b838e0691d93f91a2021-12-21 12:22:39.444root 11241100x8000000000000000658001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d3b2e9847996082021-12-21 12:22:39.445root 11241100x8000000000000000658002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc0c4ad1126e5fe2021-12-21 12:22:39.445root 11241100x8000000000000000658003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b650ee152e2a73b2021-12-21 12:22:39.445root 11241100x8000000000000000658004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222ddf19ba35b1d72021-12-21 12:22:39.445root 11241100x8000000000000000658005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81543de2f58e572e2021-12-21 12:22:39.445root 11241100x8000000000000000658006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b1ff8b967eb6d12021-12-21 12:22:39.445root 11241100x8000000000000000658007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad105a9b38f063a2021-12-21 12:22:39.943root 11241100x8000000000000000658008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94de9cd8a5a6c2952021-12-21 12:22:39.943root 11241100x8000000000000000658009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6099267399155062021-12-21 12:22:39.943root 11241100x8000000000000000658010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d1e737d2a3caca2021-12-21 12:22:39.944root 11241100x8000000000000000658011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d270146c5ea52dd2021-12-21 12:22:39.944root 11241100x8000000000000000658012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6e1d626168a1272021-12-21 12:22:39.944root 11241100x8000000000000000658013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59eb3be1e8300f82021-12-21 12:22:39.944root 11241100x8000000000000000658014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a44403667ba4022021-12-21 12:22:39.944root 11241100x8000000000000000658015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e19dc4c646e1aa32021-12-21 12:22:39.944root 11241100x8000000000000000658016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3def89b07063a2752021-12-21 12:22:39.944root 11241100x8000000000000000658017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390f63cdf23454802021-12-21 12:22:39.944root 11241100x8000000000000000658018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13dea50abc0675842021-12-21 12:22:39.944root 11241100x8000000000000000658019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758cf9a163b2796a2021-12-21 12:22:39.944root 11241100x8000000000000000658020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ae33d4ac7f315c2021-12-21 12:22:39.944root 11241100x8000000000000000658021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0005b91dd7f1a9f2021-12-21 12:22:39.945root 11241100x8000000000000000658022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef73d86a1ced9572021-12-21 12:22:39.945root 11241100x8000000000000000658023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094f3db342df5a152021-12-21 12:22:39.945root 11241100x8000000000000000658024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed61ce3b1c36d8b2021-12-21 12:22:39.945root 11241100x8000000000000000658025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352097968b5441f32021-12-21 12:22:39.945root 11241100x8000000000000000658026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc52ed3c821de4082021-12-21 12:22:39.945root 11241100x8000000000000000658027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6738cab755413a42021-12-21 12:22:39.945root 11241100x8000000000000000658028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe951b528970b962021-12-21 12:22:39.945root 11241100x8000000000000000658029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2708652d37654d22021-12-21 12:22:39.945root 11241100x8000000000000000658030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7b879b3b4bb5b12021-12-21 12:22:39.945root 11241100x8000000000000000658031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e01bca7fa9f9912021-12-21 12:22:39.945root 11241100x8000000000000000658032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be397fb7cc799de2021-12-21 12:22:39.946root 11241100x8000000000000000658033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47cdb6d6e38b2d82021-12-21 12:22:40.443root 11241100x8000000000000000658034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cc8052d72f624f2021-12-21 12:22:40.443root 11241100x8000000000000000658035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b655b278200f712021-12-21 12:22:40.443root 11241100x8000000000000000658036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d10d7fe70c990182021-12-21 12:22:40.443root 11241100x8000000000000000658037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9787a06b5025e1b12021-12-21 12:22:40.444root 11241100x8000000000000000658038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e769bd67bf55cfc2021-12-21 12:22:40.444root 11241100x8000000000000000658039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a245315d421ef662021-12-21 12:22:40.444root 11241100x8000000000000000658040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2419621f088e12bb2021-12-21 12:22:40.444root 11241100x8000000000000000658041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4576b0c8bafbf3382021-12-21 12:22:40.444root 11241100x8000000000000000658042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044a120142290ddf2021-12-21 12:22:40.444root 11241100x8000000000000000658043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2a9076ba9445802021-12-21 12:22:40.444root 11241100x8000000000000000658044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d691a343dd9b72e72021-12-21 12:22:40.444root 11241100x8000000000000000658045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5e54782f49196b2021-12-21 12:22:40.444root 11241100x8000000000000000658046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d64373483e1f85c2021-12-21 12:22:40.444root 11241100x8000000000000000658047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9993127f1d953c02021-12-21 12:22:40.444root 11241100x8000000000000000658048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f168a57b7f4d832021-12-21 12:22:40.444root 11241100x8000000000000000658049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e02f2cc218435e2021-12-21 12:22:40.444root 11241100x8000000000000000658050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd260c7bc4a8aac2021-12-21 12:22:40.444root 11241100x8000000000000000658051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68abe84517e7d1b22021-12-21 12:22:40.444root 11241100x8000000000000000658052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2c42e343cd660e2021-12-21 12:22:40.444root 11241100x8000000000000000658053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efbdb45b231b19d2021-12-21 12:22:40.445root 11241100x8000000000000000658054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cd9f8f7dcedc812021-12-21 12:22:40.445root 11241100x8000000000000000658055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1f3e1cef2b9bd92021-12-21 12:22:40.445root 11241100x8000000000000000658056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab2bf3fbbaaef362021-12-21 12:22:40.445root 11241100x8000000000000000658057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c29ba46e615b902021-12-21 12:22:40.445root 11241100x8000000000000000658058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65be34be2ffbeb32021-12-21 12:22:40.445root 11241100x8000000000000000658059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad5928ed04169822021-12-21 12:22:40.943root 11241100x8000000000000000658060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3e5320e2a8ca362021-12-21 12:22:40.943root 11241100x8000000000000000658061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41152959426900882021-12-21 12:22:40.943root 11241100x8000000000000000658062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3717d5d2cf6bd23f2021-12-21 12:22:40.943root 11241100x8000000000000000658063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0e0bbb7e8f2b602021-12-21 12:22:40.943root 11241100x8000000000000000658064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbacf413d24dfe502021-12-21 12:22:40.943root 11241100x8000000000000000658065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95ae0c421391a892021-12-21 12:22:40.943root 11241100x8000000000000000658066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30135bac899413d2021-12-21 12:22:40.943root 11241100x8000000000000000658067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee36c56ef73bb25d2021-12-21 12:22:40.943root 11241100x8000000000000000658068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8da512fbdd6be32021-12-21 12:22:40.943root 11241100x8000000000000000658069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3660bae0fcafdb692021-12-21 12:22:40.943root 11241100x8000000000000000658070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e576021b6df6e32021-12-21 12:22:40.944root 11241100x8000000000000000658071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e163987755eafdf2021-12-21 12:22:40.944root 11241100x8000000000000000658072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5efdb66d9e544e2021-12-21 12:22:40.944root 11241100x8000000000000000658073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5f3727569c4b3b2021-12-21 12:22:40.944root 11241100x8000000000000000658074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e1f5b51e5e383f2021-12-21 12:22:40.944root 11241100x8000000000000000658075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094957fab1825b612021-12-21 12:22:40.944root 11241100x8000000000000000658076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7795dc84ee433f2021-12-21 12:22:40.944root 11241100x8000000000000000658077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f983dc19deb01c492021-12-21 12:22:40.944root 11241100x8000000000000000658078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81655d7baca6d4d2021-12-21 12:22:40.944root 11241100x8000000000000000658079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30cc80d785eda612021-12-21 12:22:40.944root 11241100x8000000000000000658080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142d9d84a5c4d78c2021-12-21 12:22:40.944root 11241100x8000000000000000658081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d2f98bfcfc28b52021-12-21 12:22:40.944root 11241100x8000000000000000658082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d550d5ee0e170d332021-12-21 12:22:40.944root 11241100x8000000000000000658083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc75524d796ebb692021-12-21 12:22:40.944root 11241100x8000000000000000658084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f41d3bcb3c8f9a2021-12-21 12:22:40.944root 11241100x8000000000000000658085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b09dcbe87de4ec92021-12-21 12:22:41.443root 11241100x8000000000000000658086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728fc5343aa2fb172021-12-21 12:22:41.443root 11241100x8000000000000000658087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0731c20e901d432021-12-21 12:22:41.443root 11241100x8000000000000000658088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d7ea81278179702021-12-21 12:22:41.443root 11241100x8000000000000000658089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b234159de517c112021-12-21 12:22:41.443root 11241100x8000000000000000658090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144280c63cec6f2d2021-12-21 12:22:41.443root 11241100x8000000000000000658091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9589a3cac17899ed2021-12-21 12:22:41.444root 11241100x8000000000000000658092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8029728a53ca0482021-12-21 12:22:41.444root 11241100x8000000000000000658093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d1bedd1b3440062021-12-21 12:22:41.444root 11241100x8000000000000000658094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887b46494b19c7f82021-12-21 12:22:41.444root 11241100x8000000000000000658095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8b24d71c7ff54b2021-12-21 12:22:41.444root 11241100x8000000000000000658096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4db701e80495feb2021-12-21 12:22:41.444root 11241100x8000000000000000658097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7eb5024978e491b2021-12-21 12:22:41.444root 11241100x8000000000000000658098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56500851cd3ea6b12021-12-21 12:22:41.444root 11241100x8000000000000000658099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e505f4db2b4c71882021-12-21 12:22:41.444root 11241100x8000000000000000658100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5797173113db956d2021-12-21 12:22:41.444root 11241100x8000000000000000658101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baba2fa3dfdfb4972021-12-21 12:22:41.444root 11241100x8000000000000000658102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247ca0ead1669d8b2021-12-21 12:22:41.444root 11241100x8000000000000000658103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4482b9e329b0862021-12-21 12:22:41.444root 11241100x8000000000000000658104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1228cdba158b18ef2021-12-21 12:22:41.444root 11241100x8000000000000000658105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdd0b1bd2732f0d2021-12-21 12:22:41.444root 11241100x8000000000000000658106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddd0cbbbd5d23d02021-12-21 12:22:41.444root 11241100x8000000000000000658107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b8486b9e7e429d2021-12-21 12:22:41.445root 11241100x8000000000000000658108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f598227f256e093a2021-12-21 12:22:41.445root 11241100x8000000000000000658109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ea08d0e9e6e0062021-12-21 12:22:41.445root 11241100x8000000000000000658110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d055b002aa06943a2021-12-21 12:22:41.445root 11241100x8000000000000000658111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d7deb79e7b96fc2021-12-21 12:22:41.445root 11241100x8000000000000000658112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604d675466760e702021-12-21 12:22:41.943root 11241100x8000000000000000658113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.accbae5480c396ff2021-12-21 12:22:41.943root 11241100x8000000000000000658114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e14d823843078e82021-12-21 12:22:41.943root 11241100x8000000000000000658115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a69dd02742db9702021-12-21 12:22:41.943root 11241100x8000000000000000658116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e28ae00c8106d3e2021-12-21 12:22:41.944root 11241100x8000000000000000658117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b5fb9ee7a8e4722021-12-21 12:22:41.944root 11241100x8000000000000000658118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18f84940003c4422021-12-21 12:22:41.944root 11241100x8000000000000000658119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab1d38d3d2bad8e2021-12-21 12:22:41.944root 11241100x8000000000000000658120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab9f64735f649962021-12-21 12:22:41.944root 11241100x8000000000000000658121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00f5bee27128dd02021-12-21 12:22:41.944root 11241100x8000000000000000658122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5fc60a91721f852021-12-21 12:22:41.944root 11241100x8000000000000000658123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4b5d8611d988122021-12-21 12:22:41.944root 11241100x8000000000000000658124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227711b13b1c80552021-12-21 12:22:41.944root 11241100x8000000000000000658125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffbf72fe319165f2021-12-21 12:22:41.944root 11241100x8000000000000000658126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb8e3516acd7c042021-12-21 12:22:41.944root 11241100x8000000000000000658127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b762cd6e18c78cf02021-12-21 12:22:41.944root 11241100x8000000000000000658128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4738c2039420ccc2021-12-21 12:22:41.944root 11241100x8000000000000000658129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2959ee03e7bf39602021-12-21 12:22:41.944root 11241100x8000000000000000658130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9009bb6f4c638da02021-12-21 12:22:41.944root 11241100x8000000000000000658131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fb7c357ed8df382021-12-21 12:22:41.945root 11241100x8000000000000000658132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d8bd71b72a6a392021-12-21 12:22:41.945root 11241100x8000000000000000658133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16bbdadf9a8f0de2021-12-21 12:22:41.945root 11241100x8000000000000000658134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8fcf34f083f1832021-12-21 12:22:41.945root 11241100x8000000000000000658135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46547966c01cdf282021-12-21 12:22:41.945root 11241100x8000000000000000658136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c33ff7600cf2b52021-12-21 12:22:41.945root 11241100x8000000000000000658137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184747f23e8aa0a22021-12-21 12:22:41.945root 23542300x8000000000000000658138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:41.995{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x8000000000000000658139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.110{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49900-false10.0.1.12-8000- 11241100x8000000000000000658140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75364026226b82872021-12-21 12:22:42.443root 11241100x8000000000000000658141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1d083e7781526a2021-12-21 12:22:42.443root 11241100x8000000000000000658142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6556b11f95fb9872021-12-21 12:22:42.443root 11241100x8000000000000000658143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5c9ab2acd43b742021-12-21 12:22:42.443root 11241100x8000000000000000658144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a27a87e869ad82b2021-12-21 12:22:42.443root 11241100x8000000000000000658145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2605306d599de8582021-12-21 12:22:42.443root 11241100x8000000000000000658146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a6ef04f7ce310a2021-12-21 12:22:42.444root 11241100x8000000000000000658147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435ac9c6e0520d5a2021-12-21 12:22:42.444root 11241100x8000000000000000658148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d5f6d902cecda92021-12-21 12:22:42.444root 11241100x8000000000000000658149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc076a1f9c71cde2021-12-21 12:22:42.444root 11241100x8000000000000000658150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b707fc837b8d84c2021-12-21 12:22:42.444root 11241100x8000000000000000658151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7e6cae26595fbc2021-12-21 12:22:42.444root 11241100x8000000000000000658152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89c2e610e0476292021-12-21 12:22:42.444root 11241100x8000000000000000658153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695984bbd18849f42021-12-21 12:22:42.444root 11241100x8000000000000000658154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b260a9d0c623332021-12-21 12:22:42.444root 11241100x8000000000000000658155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acdf0a42b2487b72021-12-21 12:22:42.444root 11241100x8000000000000000658156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd24f7a9e15a7582021-12-21 12:22:42.444root 11241100x8000000000000000658157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac7a12ae3b9a2832021-12-21 12:22:42.444root 11241100x8000000000000000658158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2499c464dc1b7e52021-12-21 12:22:42.444root 11241100x8000000000000000658159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19be737b3e3bb5202021-12-21 12:22:42.445root 11241100x8000000000000000658160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e733534ee6023432021-12-21 12:22:42.445root 11241100x8000000000000000658161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7914e929dcf813d2021-12-21 12:22:42.445root 11241100x8000000000000000658162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeac8adcc6b67d6b2021-12-21 12:22:42.445root 11241100x8000000000000000658163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe2755b2543d5522021-12-21 12:22:42.445root 11241100x8000000000000000658164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef5aabce46956f32021-12-21 12:22:42.445root 11241100x8000000000000000658165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a22fc759debad292021-12-21 12:22:42.445root 11241100x8000000000000000658166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36713f937a9c3c12021-12-21 12:22:42.445root 11241100x8000000000000000658167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e6c4cfd33a308a2021-12-21 12:22:42.445root 11241100x8000000000000000658168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4baf435ef7899f2021-12-21 12:22:42.445root 11241100x8000000000000000658169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78abc184c04bb9922021-12-21 12:22:42.445root 11241100x8000000000000000658170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd8781f273f3c672021-12-21 12:22:42.445root 11241100x8000000000000000658171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e9a7e626a74a782021-12-21 12:22:42.446root 11241100x8000000000000000658172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45b4dd75e67f68c2021-12-21 12:22:42.943root 11241100x8000000000000000658173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1bd4922e7687842021-12-21 12:22:42.943root 11241100x8000000000000000658174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8e2c1d0c5aa64c2021-12-21 12:22:42.943root 11241100x8000000000000000658175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ebd7623c743b532021-12-21 12:22:42.943root 11241100x8000000000000000658176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfef05641cebcded2021-12-21 12:22:42.943root 11241100x8000000000000000658177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cca473c969ec972021-12-21 12:22:42.943root 11241100x8000000000000000658178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fb32f30dae9a732021-12-21 12:22:42.943root 11241100x8000000000000000658179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9daa787d2be0d422021-12-21 12:22:42.943root 11241100x8000000000000000658180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d36e378befd3372021-12-21 12:22:42.944root 11241100x8000000000000000658181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7b18957979f0642021-12-21 12:22:42.944root 11241100x8000000000000000658182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0ba150a42a5d0b2021-12-21 12:22:42.944root 11241100x8000000000000000658183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8ab3bdd8221d7b2021-12-21 12:22:42.944root 11241100x8000000000000000658184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2dd0a010034cfb2021-12-21 12:22:42.944root 11241100x8000000000000000658185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753611a78a44097e2021-12-21 12:22:42.944root 11241100x8000000000000000658186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b046d30a114281f02021-12-21 12:22:42.944root 11241100x8000000000000000658187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dff313815175a772021-12-21 12:22:42.944root 11241100x8000000000000000658188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba90289426416592021-12-21 12:22:42.944root 11241100x8000000000000000658189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca88e35d3baeed72021-12-21 12:22:42.944root 11241100x8000000000000000658190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b96d1957b8384592021-12-21 12:22:42.944root 11241100x8000000000000000658191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65d50c0786a13f42021-12-21 12:22:42.944root 11241100x8000000000000000658192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bf82e950671b162021-12-21 12:22:42.945root 11241100x8000000000000000658193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbf7e874f8477f32021-12-21 12:22:42.945root 11241100x8000000000000000658194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd2d649741552002021-12-21 12:22:42.945root 11241100x8000000000000000658195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb78ed77bd4ac7f2021-12-21 12:22:42.945root 11241100x8000000000000000658196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6c8fc75977157d2021-12-21 12:22:42.945root 11241100x8000000000000000658197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce38e8e9317213832021-12-21 12:22:42.945root 11241100x8000000000000000658198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fac4526c423b9b2021-12-21 12:22:42.945root 11241100x8000000000000000658199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8758d33c7b5c1a2021-12-21 12:22:42.945root 11241100x8000000000000000658200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf88d6f5cd6c2f22021-12-21 12:22:42.945root 11241100x8000000000000000658201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5657f3abe05c88db2021-12-21 12:22:42.945root 11241100x8000000000000000658202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac81930659244fe52021-12-21 12:22:42.945root 11241100x8000000000000000658203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefcea55a138b6db2021-12-21 12:22:42.945root 11241100x8000000000000000658204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911a954d59b297cf2021-12-21 12:22:42.945root 11241100x8000000000000000658205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f01a2fd9cb13d5e2021-12-21 12:22:42.945root 11241100x8000000000000000658206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3609c327018cdea32021-12-21 12:22:42.945root 11241100x8000000000000000658207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed7aba98b7acf4a2021-12-21 12:22:42.945root 11241100x8000000000000000658208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c1d9f5fc94f4d92021-12-21 12:22:42.946root 11241100x8000000000000000658209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fec4885f85dab932021-12-21 12:22:43.443root 11241100x8000000000000000658210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab11a7e785a4c00b2021-12-21 12:22:43.443root 11241100x8000000000000000658211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7665dd07e4656f2d2021-12-21 12:22:43.443root 11241100x8000000000000000658212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c67deb925fbcdaf2021-12-21 12:22:43.444root 11241100x8000000000000000658213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3490151ca0ec5b9f2021-12-21 12:22:43.444root 11241100x8000000000000000658214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d799be7996a205132021-12-21 12:22:43.444root 11241100x8000000000000000658215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a385428b3a7ad5e2021-12-21 12:22:43.444root 11241100x8000000000000000658216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8999f77455d308632021-12-21 12:22:43.444root 11241100x8000000000000000658217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a54c56d1f6d1e8f2021-12-21 12:22:43.444root 11241100x8000000000000000658218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6261ab3158c7544c2021-12-21 12:22:43.444root 11241100x8000000000000000658219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8059cc36b1bc528e2021-12-21 12:22:43.445root 11241100x8000000000000000658220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec3ad408be705002021-12-21 12:22:43.445root 11241100x8000000000000000658221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24ab1e80037f7ae2021-12-21 12:22:43.445root 11241100x8000000000000000658222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270dbd0ae47099862021-12-21 12:22:43.445root 11241100x8000000000000000658223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49784ee7e94bccc2021-12-21 12:22:43.445root 11241100x8000000000000000658224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1902cc4ea244fc2021-12-21 12:22:43.445root 11241100x8000000000000000658225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c26f312f2f3c232021-12-21 12:22:43.446root 11241100x8000000000000000658226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1968f34273db702021-12-21 12:22:43.446root 11241100x8000000000000000658227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fdc4c2a12176c02021-12-21 12:22:43.446root 11241100x8000000000000000658228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9b2581f279cd612021-12-21 12:22:43.446root 11241100x8000000000000000658229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980703c97db480f92021-12-21 12:22:43.446root 11241100x8000000000000000658230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8214b4562ac3ddbe2021-12-21 12:22:43.446root 11241100x8000000000000000658231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136e993d7946b6ed2021-12-21 12:22:43.446root 11241100x8000000000000000658232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c44b38bda202ecc2021-12-21 12:22:43.446root 11241100x8000000000000000658233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22263e44285ce7052021-12-21 12:22:43.447root 11241100x8000000000000000658234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8c63aad7f632252021-12-21 12:22:43.447root 11241100x8000000000000000658235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a5d73375ae61072021-12-21 12:22:43.447root 11241100x8000000000000000658236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7311eb9d3af6c9572021-12-21 12:22:43.447root 11241100x8000000000000000658237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ecea597c0f06112021-12-21 12:22:43.447root 11241100x8000000000000000658238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09fac6a4c42e1b22021-12-21 12:22:43.943root 11241100x8000000000000000658239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b42c4983d6471d12021-12-21 12:22:43.943root 11241100x8000000000000000658240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ed2e026b02a1f52021-12-21 12:22:43.943root 11241100x8000000000000000658241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9649fb22551416182021-12-21 12:22:43.943root 11241100x8000000000000000658242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbeac7534cef9d092021-12-21 12:22:43.943root 11241100x8000000000000000658243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a86725dc8cffd92021-12-21 12:22:43.943root 11241100x8000000000000000658244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14490b2a5eea258c2021-12-21 12:22:43.944root 11241100x8000000000000000658245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b1a164917ef8362021-12-21 12:22:43.944root 11241100x8000000000000000658246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95eb7366c483f5ef2021-12-21 12:22:43.944root 11241100x8000000000000000658247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6195f0b432d4cb772021-12-21 12:22:43.944root 11241100x8000000000000000658248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498c95cd3609e9122021-12-21 12:22:43.944root 11241100x8000000000000000658249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48255ff3c6a136dc2021-12-21 12:22:43.944root 11241100x8000000000000000658250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455ce37f02428ec62021-12-21 12:22:43.944root 11241100x8000000000000000658251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41411914829211692021-12-21 12:22:43.944root 11241100x8000000000000000658252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82c5c8dcd3191922021-12-21 12:22:43.944root 11241100x8000000000000000658253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c909bd3bc701e52021-12-21 12:22:43.945root 11241100x8000000000000000658254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e3f4c78d8f01482021-12-21 12:22:43.945root 11241100x8000000000000000658255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612b025aecae9e032021-12-21 12:22:43.945root 11241100x8000000000000000658256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50493be458c2dbca2021-12-21 12:22:43.945root 11241100x8000000000000000658257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711100ffe3ffe9842021-12-21 12:22:43.945root 11241100x8000000000000000658258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d7521dc5ed145f2021-12-21 12:22:43.945root 11241100x8000000000000000658259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222a3e9e76b920382021-12-21 12:22:43.945root 11241100x8000000000000000658260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90b7b1d1c154c382021-12-21 12:22:43.945root 11241100x8000000000000000658261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3de5fc9237c5b4b2021-12-21 12:22:43.945root 11241100x8000000000000000658262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60207ed720d62e682021-12-21 12:22:43.945root 11241100x8000000000000000658263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1326c2019aac67002021-12-21 12:22:43.946root 11241100x8000000000000000658264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0c97e031cd5a372021-12-21 12:22:43.946root 11241100x8000000000000000658265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a486e06f7490b12021-12-21 12:22:43.946root 11241100x8000000000000000658266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e063ca16c9a72f9b2021-12-21 12:22:43.946root 11241100x8000000000000000658267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836ce2159fec47ed2021-12-21 12:22:44.443root 11241100x8000000000000000658268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8b54e744f782c22021-12-21 12:22:44.443root 11241100x8000000000000000658269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b75c8ad5f496b6a2021-12-21 12:22:44.443root 11241100x8000000000000000658270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58cf494c9b3be082021-12-21 12:22:44.444root 11241100x8000000000000000658271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7e1cc83fb07aed2021-12-21 12:22:44.444root 11241100x8000000000000000658272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6a691bb2549f362021-12-21 12:22:44.444root 11241100x8000000000000000658273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b87d1f216eef3c2021-12-21 12:22:44.444root 11241100x8000000000000000658274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278fa23594342cfe2021-12-21 12:22:44.444root 11241100x8000000000000000658275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9187fc29c0909d12021-12-21 12:22:44.444root 11241100x8000000000000000658276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ddd8ee075602a52021-12-21 12:22:44.444root 11241100x8000000000000000658277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffbdbfb31468c902021-12-21 12:22:44.444root 11241100x8000000000000000658278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1d2797b27937172021-12-21 12:22:44.444root 11241100x8000000000000000658279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec516f39a9839bfa2021-12-21 12:22:44.444root 11241100x8000000000000000658280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98456c5169c8109c2021-12-21 12:22:44.444root 11241100x8000000000000000658281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e25b91b7ddac292021-12-21 12:22:44.444root 11241100x8000000000000000658282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acf0245da5ed0562021-12-21 12:22:44.445root 11241100x8000000000000000658283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d60122b9dc610812021-12-21 12:22:44.445root 11241100x8000000000000000658284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cac575318c2d7502021-12-21 12:22:44.445root 11241100x8000000000000000658285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71687361bada9d5c2021-12-21 12:22:44.445root 11241100x8000000000000000658286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d47f90b095cbd12021-12-21 12:22:44.445root 11241100x8000000000000000658287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03e8acb98cb18242021-12-21 12:22:44.445root 11241100x8000000000000000658288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72c7cf445ff4ae22021-12-21 12:22:44.445root 11241100x8000000000000000658289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55766b3847f9f7f12021-12-21 12:22:44.445root 11241100x8000000000000000658290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c305e85cd971e152021-12-21 12:22:44.445root 11241100x8000000000000000658291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd38b9ccab15ca2b2021-12-21 12:22:44.445root 11241100x8000000000000000658292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010352675ad2744a2021-12-21 12:22:44.445root 11241100x8000000000000000658293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2876d4616146caf2021-12-21 12:22:44.445root 11241100x8000000000000000658294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030fd7b608f1193c2021-12-21 12:22:44.445root 11241100x8000000000000000658295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c19386a2482d4922021-12-21 12:22:44.943root 11241100x8000000000000000658296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73d50ecfa8e87af2021-12-21 12:22:44.943root 11241100x8000000000000000658297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e89924191c9b452021-12-21 12:22:44.943root 11241100x8000000000000000658298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa3f81298b1d8052021-12-21 12:22:44.944root 11241100x8000000000000000658299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0253753693a0a2a62021-12-21 12:22:44.944root 11241100x8000000000000000658300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215fb72a2d2473032021-12-21 12:22:44.944root 11241100x8000000000000000658301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597fe7852d1be8132021-12-21 12:22:44.944root 11241100x8000000000000000658302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498b8fd1c7f804062021-12-21 12:22:44.944root 11241100x8000000000000000658303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b5fecaf60400a12021-12-21 12:22:44.944root 11241100x8000000000000000658304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22e841043c135232021-12-21 12:22:44.944root 11241100x8000000000000000658305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa156d619f30e0c42021-12-21 12:22:44.944root 11241100x8000000000000000658306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aebf2be21b4cfb52021-12-21 12:22:44.944root 11241100x8000000000000000658307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd3f6a7fd9586ea2021-12-21 12:22:44.944root 11241100x8000000000000000658308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3615eae2c15c172021-12-21 12:22:44.945root 11241100x8000000000000000658309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686327e784c9fb9a2021-12-21 12:22:44.945root 11241100x8000000000000000658310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cfeef45cdbd4172021-12-21 12:22:44.945root 11241100x8000000000000000658311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbac972f891f9c8c2021-12-21 12:22:44.945root 11241100x8000000000000000658312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5dbe0e77d58f192021-12-21 12:22:44.945root 11241100x8000000000000000658313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ec264c3d5b5ad72021-12-21 12:22:44.945root 11241100x8000000000000000658314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23df9d9c5d7caaaf2021-12-21 12:22:44.945root 11241100x8000000000000000658315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25c573bc82f35a52021-12-21 12:22:44.945root 11241100x8000000000000000658316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18bbd787a61701a2021-12-21 12:22:44.945root 11241100x8000000000000000658317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4ccd3f705517982021-12-21 12:22:44.945root 11241100x8000000000000000658318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79337982b38266e02021-12-21 12:22:44.945root 11241100x8000000000000000658319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d564c60a00c4f89f2021-12-21 12:22:44.945root 11241100x8000000000000000658320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7da94fd487805b2021-12-21 12:22:44.946root 11241100x8000000000000000658321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb558a1eac80298f2021-12-21 12:22:44.946root 11241100x8000000000000000658322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bc3f98eb0dfa392021-12-21 12:22:44.946root 11241100x8000000000000000658323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786494f4c0ae82622021-12-21 12:22:44.946root 11241100x8000000000000000658324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0469d8e2ffcfc062021-12-21 12:22:44.946root 11241100x8000000000000000658325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dab4d8fb016348b2021-12-21 12:22:45.443root 11241100x8000000000000000658326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0007af3a421cd82021-12-21 12:22:45.443root 11241100x8000000000000000658327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ff04425ee7d16b2021-12-21 12:22:45.443root 11241100x8000000000000000658328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7e760941f8cf312021-12-21 12:22:45.443root 11241100x8000000000000000658329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55e9beff5ac59682021-12-21 12:22:45.444root 11241100x8000000000000000658330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19dc0efecf9933462021-12-21 12:22:45.444root 11241100x8000000000000000658331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56952f80d14632f2021-12-21 12:22:45.444root 11241100x8000000000000000658332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd622c4ca5ceaf12021-12-21 12:22:45.444root 11241100x8000000000000000658333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4b165c5299025e2021-12-21 12:22:45.444root 11241100x8000000000000000658334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ca9d78cf7cf3da2021-12-21 12:22:45.444root 11241100x8000000000000000658335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb8c14f68e354a92021-12-21 12:22:45.444root 11241100x8000000000000000658336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c092017ab52c9fd22021-12-21 12:22:45.444root 11241100x8000000000000000658337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da0392a8befef172021-12-21 12:22:45.444root 11241100x8000000000000000658338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9837f777817110a22021-12-21 12:22:45.444root 11241100x8000000000000000658339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be46a90369fbd41b2021-12-21 12:22:45.445root 11241100x8000000000000000658340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d265a3c73448ea672021-12-21 12:22:45.445root 11241100x8000000000000000658341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce956f081b1f9cc82021-12-21 12:22:45.445root 11241100x8000000000000000658342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015886ee307054ac2021-12-21 12:22:45.445root 11241100x8000000000000000658343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4200d48ab9d41df52021-12-21 12:22:45.445root 11241100x8000000000000000658344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4defc28c67161652021-12-21 12:22:45.445root 11241100x8000000000000000658345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a2665337d9a21a2021-12-21 12:22:45.445root 11241100x8000000000000000658346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76aabbea23f5ee932021-12-21 12:22:45.445root 11241100x8000000000000000658347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9de8a30b312376e2021-12-21 12:22:45.445root 11241100x8000000000000000658348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91bc1fd6150a7be2021-12-21 12:22:45.445root 11241100x8000000000000000658349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa5a3a45649dd232021-12-21 12:22:45.445root 11241100x8000000000000000658350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f229f746c95c17c32021-12-21 12:22:45.446root 11241100x8000000000000000658351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f5466679fadb922021-12-21 12:22:45.446root 11241100x8000000000000000658352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b368dcce428ace2021-12-21 12:22:45.446root 11241100x8000000000000000658353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd09355e08dc937c2021-12-21 12:22:45.943root 11241100x8000000000000000658354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc28684530c90fc2021-12-21 12:22:45.943root 11241100x8000000000000000658355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4b61c6b6b60ebf2021-12-21 12:22:45.943root 11241100x8000000000000000658356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cbb8dced000e452021-12-21 12:22:45.943root 11241100x8000000000000000658357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244375d23c6d54e72021-12-21 12:22:45.944root 11241100x8000000000000000658358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b0f8a1f8e714ac2021-12-21 12:22:45.944root 11241100x8000000000000000658359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26d0082abd43ae52021-12-21 12:22:45.944root 11241100x8000000000000000658360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3af205883ee83ca2021-12-21 12:22:45.944root 11241100x8000000000000000658361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d535c3c1ca48a122021-12-21 12:22:45.944root 11241100x8000000000000000658362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10d168a4cf4b3162021-12-21 12:22:45.944root 11241100x8000000000000000658363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d0096fca5eeb072021-12-21 12:22:45.944root 11241100x8000000000000000658364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83a6ff49bfedfc82021-12-21 12:22:45.944root 11241100x8000000000000000658365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23e26ebf97189b62021-12-21 12:22:45.944root 11241100x8000000000000000658366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91075d1676d178182021-12-21 12:22:45.944root 11241100x8000000000000000658367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577c72d5515e9dce2021-12-21 12:22:45.944root 11241100x8000000000000000658368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284bc83f9f1a706c2021-12-21 12:22:45.944root 11241100x8000000000000000658369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8988a27a2b546aee2021-12-21 12:22:45.944root 11241100x8000000000000000658370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d7c08dfe965fd72021-12-21 12:22:45.944root 11241100x8000000000000000658371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2270cdbf986120102021-12-21 12:22:45.944root 11241100x8000000000000000658372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ecbb23e69c48692021-12-21 12:22:45.945root 11241100x8000000000000000658373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082e530a3406bf9b2021-12-21 12:22:45.945root 11241100x8000000000000000658374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1350709d280876422021-12-21 12:22:45.945root 11241100x8000000000000000658375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e331ad104235c682021-12-21 12:22:45.945root 11241100x8000000000000000658376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ea9b22126b71422021-12-21 12:22:45.945root 11241100x8000000000000000658377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbaccf72eb289762021-12-21 12:22:45.945root 11241100x8000000000000000658378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d934f6d6ae3eff2021-12-21 12:22:45.945root 11241100x8000000000000000658379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6404bba26c6f6dd2021-12-21 12:22:45.945root 11241100x8000000000000000658380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30f2b0c1c08b5362021-12-21 12:22:45.945root 11241100x8000000000000000658381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5d771a0d84cbdc2021-12-21 12:22:46.443root 11241100x8000000000000000658382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e162bcaa751a46762021-12-21 12:22:46.443root 11241100x8000000000000000658383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5c7e9e8464cea52021-12-21 12:22:46.443root 11241100x8000000000000000658384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0beb6485ed2943222021-12-21 12:22:46.443root 11241100x8000000000000000658385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e620ab59571b302021-12-21 12:22:46.443root 11241100x8000000000000000658386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb147a10e45ee252021-12-21 12:22:46.443root 11241100x8000000000000000658387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5b2803fec5a79b2021-12-21 12:22:46.443root 11241100x8000000000000000658388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591adc8c78b4684f2021-12-21 12:22:46.443root 11241100x8000000000000000658389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc61cd4daf5ce1e2021-12-21 12:22:46.443root 11241100x8000000000000000658390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0d4be97c3bd5f52021-12-21 12:22:46.443root 11241100x8000000000000000658391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa58d611a60ce2b2021-12-21 12:22:46.444root 11241100x8000000000000000658392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614881f42f4e62d32021-12-21 12:22:46.444root 11241100x8000000000000000658393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541a3a74b076cb622021-12-21 12:22:46.444root 11241100x8000000000000000658394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4b637a8ea2e4a52021-12-21 12:22:46.444root 11241100x8000000000000000658395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e060a1ce3df7452021-12-21 12:22:46.444root 11241100x8000000000000000658396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46066ba81c71476e2021-12-21 12:22:46.444root 11241100x8000000000000000658397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed61a96f1133ace2021-12-21 12:22:46.444root 11241100x8000000000000000658398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a6a024a0be5ace2021-12-21 12:22:46.444root 11241100x8000000000000000658399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fce86b650bb89a22021-12-21 12:22:46.444root 11241100x8000000000000000658400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1d76a7e63f92552021-12-21 12:22:46.445root 11241100x8000000000000000658401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94ab08aa6146a582021-12-21 12:22:46.445root 11241100x8000000000000000658402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e378ec762db119b2021-12-21 12:22:46.445root 11241100x8000000000000000658403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06d140abcdcca892021-12-21 12:22:46.445root 11241100x8000000000000000658404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65debb98aed3e9442021-12-21 12:22:46.445root 11241100x8000000000000000658405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da5fd893a3685062021-12-21 12:22:46.445root 11241100x8000000000000000658406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693f9e24a6f04fb82021-12-21 12:22:46.445root 11241100x8000000000000000658407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e484a31faf5affb2021-12-21 12:22:46.445root 11241100x8000000000000000658408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088e722a5709dded2021-12-21 12:22:46.445root 11241100x8000000000000000658409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c1088e18e289d12021-12-21 12:22:46.445root 11241100x8000000000000000658410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6b8486b46ca0472021-12-21 12:22:46.445root 11241100x8000000000000000658411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb227d56120e8652021-12-21 12:22:46.446root 11241100x8000000000000000658412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cef97f52f9871662021-12-21 12:22:46.943root 11241100x8000000000000000658413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdbc06decec17142021-12-21 12:22:46.943root 11241100x8000000000000000658414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7f14a48cc6f7e82021-12-21 12:22:46.943root 11241100x8000000000000000658415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6949d1b4d291282021-12-21 12:22:46.943root 11241100x8000000000000000658416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7bca5354db11f32021-12-21 12:22:46.943root 11241100x8000000000000000658417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350e002913b483002021-12-21 12:22:46.943root 11241100x8000000000000000658418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973ccdbd47c65d122021-12-21 12:22:46.943root 11241100x8000000000000000658419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90def7c75b4c84882021-12-21 12:22:46.944root 11241100x8000000000000000658420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f72b412000012de2021-12-21 12:22:46.944root 11241100x8000000000000000658421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fe9639494e47fa2021-12-21 12:22:46.944root 11241100x8000000000000000658422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6150140ee8bc96412021-12-21 12:22:46.944root 11241100x8000000000000000658423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d475aa7588821ff2021-12-21 12:22:46.944root 11241100x8000000000000000658424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5733536b74cae9522021-12-21 12:22:46.944root 11241100x8000000000000000658425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38e744c2d70bbca2021-12-21 12:22:46.944root 11241100x8000000000000000658426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984ba60ff0d8abdc2021-12-21 12:22:46.944root 11241100x8000000000000000658427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a535ab92a14939c2021-12-21 12:22:46.944root 11241100x8000000000000000658428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523245a48cc040a52021-12-21 12:22:46.945root 11241100x8000000000000000658429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf27cebc673c7a12021-12-21 12:22:46.945root 11241100x8000000000000000658430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a68a3bb1dfa3f6f2021-12-21 12:22:46.945root 11241100x8000000000000000658431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c102c7f4451ea42021-12-21 12:22:46.945root 11241100x8000000000000000658432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a37d42bee0900162021-12-21 12:22:46.945root 11241100x8000000000000000658433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e144f77763c251222021-12-21 12:22:46.945root 11241100x8000000000000000658434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00faddf898f2e402021-12-21 12:22:46.945root 11241100x8000000000000000658435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d4d2f919463e252021-12-21 12:22:46.945root 11241100x8000000000000000658436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1e1714a21b648c2021-12-21 12:22:46.945root 11241100x8000000000000000658437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ea7732a7c2df822021-12-21 12:22:46.945root 11241100x8000000000000000658438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1159f3579e07e802021-12-21 12:22:46.945root 11241100x8000000000000000658439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302b20d374857e1e2021-12-21 12:22:46.945root 354300x8000000000000000658440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.208{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49902-false10.0.1.12-8000- 11241100x8000000000000000658441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500a3c4118f9ca0c2021-12-21 12:22:47.208root 11241100x8000000000000000658442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1db4cd2f3a1d20c2021-12-21 12:22:47.208root 11241100x8000000000000000658443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0073c4673687d92021-12-21 12:22:47.209root 11241100x8000000000000000658444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df5264ea46e619b2021-12-21 12:22:47.209root 11241100x8000000000000000658445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93878c6bdbb38c12021-12-21 12:22:47.209root 11241100x8000000000000000658446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a3b342510650872021-12-21 12:22:47.209root 11241100x8000000000000000658447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a560c6a49747ef2021-12-21 12:22:47.209root 11241100x8000000000000000658448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af1261f258a7d7c2021-12-21 12:22:47.209root 11241100x8000000000000000658449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0636d1809cc2c6da2021-12-21 12:22:47.209root 11241100x8000000000000000658450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646db6dea0c66f5a2021-12-21 12:22:47.210root 11241100x8000000000000000658451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec93507d133675c32021-12-21 12:22:47.210root 11241100x8000000000000000658452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88f59ee619d77222021-12-21 12:22:47.210root 11241100x8000000000000000658453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38cf13a970f93de2021-12-21 12:22:47.210root 11241100x8000000000000000658454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e003aea2b2906692021-12-21 12:22:47.210root 11241100x8000000000000000658455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1f822e33f00d2b2021-12-21 12:22:47.210root 11241100x8000000000000000658456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8a4f71b80497732021-12-21 12:22:47.210root 11241100x8000000000000000658457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f3768fc5c4893b2021-12-21 12:22:47.210root 11241100x8000000000000000658458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6140e4c218cf812021-12-21 12:22:47.210root 11241100x8000000000000000658459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f969c21218a866362021-12-21 12:22:47.210root 11241100x8000000000000000658460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99837cb221e9a62e2021-12-21 12:22:47.210root 11241100x8000000000000000658461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2144db264c7b002021-12-21 12:22:47.210root 11241100x8000000000000000658462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742d69661acb51a92021-12-21 12:22:47.210root 11241100x8000000000000000658463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54245e40664ccbe2021-12-21 12:22:47.211root 11241100x8000000000000000658464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84ca25f3aac12842021-12-21 12:22:47.211root 11241100x8000000000000000658465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0b39f19fbe06332021-12-21 12:22:47.211root 11241100x8000000000000000658466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d778319649bbad92021-12-21 12:22:47.211root 11241100x8000000000000000658467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1226eb16b9df10f72021-12-21 12:22:47.211root 11241100x8000000000000000658468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e295b0992cd8952021-12-21 12:22:47.211root 11241100x8000000000000000658469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d701c32532be00ef2021-12-21 12:22:47.211root 11241100x8000000000000000658470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62837a15acc59ac82021-12-21 12:22:47.211root 11241100x8000000000000000658471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00767b7204133012021-12-21 12:22:47.211root 11241100x8000000000000000658472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb1b236acca236b2021-12-21 12:22:47.212root 11241100x8000000000000000658473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca4f9b55be8adcb2021-12-21 12:22:47.212root 11241100x8000000000000000658474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eef8933eabc684f2021-12-21 12:22:47.212root 11241100x8000000000000000658475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6f86bf529354fe2021-12-21 12:22:47.212root 11241100x8000000000000000658476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d80211c28162c72021-12-21 12:22:47.212root 11241100x8000000000000000658477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cae1cd70770079a2021-12-21 12:22:47.212root 11241100x8000000000000000658478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2637bd9d90a19bbb2021-12-21 12:22:47.212root 11241100x8000000000000000658479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5fe21b028c58ee2021-12-21 12:22:47.693root 11241100x8000000000000000658480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678f91e84ff5ec202021-12-21 12:22:47.693root 11241100x8000000000000000658481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788121e81342fe772021-12-21 12:22:47.693root 11241100x8000000000000000658482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6392e82acc84b4c2021-12-21 12:22:47.693root 11241100x8000000000000000658483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387020de341aedc92021-12-21 12:22:47.694root 11241100x8000000000000000658484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca254030ae5aa1e92021-12-21 12:22:47.694root 11241100x8000000000000000658485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8a657d8e74937a2021-12-21 12:22:47.694root 11241100x8000000000000000658486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79d36d42a2e98e82021-12-21 12:22:47.694root 11241100x8000000000000000658487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487ebbabbe2eae8c2021-12-21 12:22:47.694root 11241100x8000000000000000658488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872d1e5e28d78c6a2021-12-21 12:22:47.694root 11241100x8000000000000000658489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f17febadc54be752021-12-21 12:22:47.694root 11241100x8000000000000000658490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf63977763f7585a2021-12-21 12:22:47.694root 11241100x8000000000000000658491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06aec727bbd683f02021-12-21 12:22:47.695root 11241100x8000000000000000658492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d135e1e8d9ed5d2021-12-21 12:22:47.695root 11241100x8000000000000000658493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9904d0f64a322142021-12-21 12:22:47.695root 11241100x8000000000000000658494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f73cae2981a1282021-12-21 12:22:47.695root 11241100x8000000000000000658495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880d9f56595ae8e22021-12-21 12:22:47.695root 11241100x8000000000000000658496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c9071477a8af272021-12-21 12:22:47.695root 11241100x8000000000000000658497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89ad9fb4c7ae6152021-12-21 12:22:47.695root 11241100x8000000000000000658498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e82121f27148a92021-12-21 12:22:47.695root 11241100x8000000000000000658499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7839c3cbca84eeba2021-12-21 12:22:47.695root 11241100x8000000000000000658500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2751d2d546dad1a62021-12-21 12:22:47.696root 11241100x8000000000000000658501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597004af548662072021-12-21 12:22:47.696root 11241100x8000000000000000658502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0d432e8457804d2021-12-21 12:22:47.696root 11241100x8000000000000000658503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42801a7c23fcfcd02021-12-21 12:22:47.696root 11241100x8000000000000000658504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9f4b7288b7d4c22021-12-21 12:22:47.696root 11241100x8000000000000000658505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df77a49078d43312021-12-21 12:22:47.696root 11241100x8000000000000000658506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c318e90b0267b7bb2021-12-21 12:22:47.697root 11241100x8000000000000000658507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80ff1ede69852a32021-12-21 12:22:47.697root 11241100x8000000000000000658508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03290d651003cb352021-12-21 12:22:48.193root 11241100x8000000000000000658509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0d21ec7abfa7522021-12-21 12:22:48.193root 11241100x8000000000000000658510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c75e0b20f941b8e2021-12-21 12:22:48.193root 11241100x8000000000000000658511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307e9920b8ffaef32021-12-21 12:22:48.194root 11241100x8000000000000000658512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9b3c9b17f2af352021-12-21 12:22:48.194root 11241100x8000000000000000658513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f931f2d9cb498ac2021-12-21 12:22:48.194root 11241100x8000000000000000658514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6bc4a5e4e2bb372021-12-21 12:22:48.194root 11241100x8000000000000000658515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2329f8e6edc2f42021-12-21 12:22:48.194root 11241100x8000000000000000658516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b17611ddd1959642021-12-21 12:22:48.195root 11241100x8000000000000000658517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f94fb693a354532021-12-21 12:22:48.195root 11241100x8000000000000000658518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d348735a79ad2cb2021-12-21 12:22:48.195root 11241100x8000000000000000658519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3eb19175345b752021-12-21 12:22:48.195root 11241100x8000000000000000658520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24234983c4fefe952021-12-21 12:22:48.195root 11241100x8000000000000000658521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29781e4a84a819492021-12-21 12:22:48.195root 11241100x8000000000000000658522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460a1a828534b1d12021-12-21 12:22:48.195root 11241100x8000000000000000658523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d5ac90285567b32021-12-21 12:22:48.195root 11241100x8000000000000000658524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07af757487b4f5a2021-12-21 12:22:48.195root 11241100x8000000000000000658525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3eab40a4664b972021-12-21 12:22:48.195root 11241100x8000000000000000658526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193a7bb4d7fb1c972021-12-21 12:22:48.196root 11241100x8000000000000000658527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949da9e9c3fe79222021-12-21 12:22:48.196root 11241100x8000000000000000658528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1150a30873ee96af2021-12-21 12:22:48.196root 11241100x8000000000000000658529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29274d4452097942021-12-21 12:22:48.196root 11241100x8000000000000000658530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeeecabbfe46814e2021-12-21 12:22:48.196root 11241100x8000000000000000658531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e03b8b4209128f2021-12-21 12:22:48.196root 11241100x8000000000000000658532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245c9b6d8060da3a2021-12-21 12:22:48.196root 11241100x8000000000000000658533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ef2b257462d2c42021-12-21 12:22:48.196root 11241100x8000000000000000658534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e5d015839410e12021-12-21 12:22:48.196root 11241100x8000000000000000658535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06746a83b8806bd2021-12-21 12:22:48.196root 11241100x8000000000000000658536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cdfe45380fb7932021-12-21 12:22:48.197root 11241100x8000000000000000658537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83dc5959413b25f32021-12-21 12:22:48.197root 11241100x8000000000000000658538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2d9afb258b40a22021-12-21 12:22:48.197root 11241100x8000000000000000658539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec3905662ec4f072021-12-21 12:22:48.693root 11241100x8000000000000000658540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3a8993ca4c151e2021-12-21 12:22:48.693root 11241100x8000000000000000658541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31356d4766f1aca62021-12-21 12:22:48.693root 11241100x8000000000000000658542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72558485840b9d5c2021-12-21 12:22:48.693root 11241100x8000000000000000658543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff8fb921f28ddd02021-12-21 12:22:48.693root 11241100x8000000000000000658544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3420367e98319bad2021-12-21 12:22:48.694root 11241100x8000000000000000658545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dab8227c8042d962021-12-21 12:22:48.694root 11241100x8000000000000000658546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b0826f5486b1372021-12-21 12:22:48.694root 11241100x8000000000000000658547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c83cc4e6fab8aac2021-12-21 12:22:48.694root 11241100x8000000000000000658548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb430e80f256fb52021-12-21 12:22:48.694root 11241100x8000000000000000658549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b30f8093eeb5042021-12-21 12:22:48.694root 11241100x8000000000000000658550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028dd9bddd254cb72021-12-21 12:22:48.694root 11241100x8000000000000000658551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030ce847564749bb2021-12-21 12:22:48.694root 11241100x8000000000000000658552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cb3780a9b1863e2021-12-21 12:22:48.694root 11241100x8000000000000000658553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4963a42a81c7822021-12-21 12:22:48.694root 11241100x8000000000000000658554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf902e4958b0d662021-12-21 12:22:48.695root 11241100x8000000000000000658555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ec9abee5c4e1502021-12-21 12:22:48.695root 11241100x8000000000000000658556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e440beb563d247c2021-12-21 12:22:48.695root 11241100x8000000000000000658557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d11463aa99d9fba2021-12-21 12:22:48.695root 11241100x8000000000000000658558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a129d2d7fe1cc62021-12-21 12:22:48.695root 11241100x8000000000000000658559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16922b812d8bbc32021-12-21 12:22:48.695root 11241100x8000000000000000658560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4f3d9d360f9bd12021-12-21 12:22:48.695root 11241100x8000000000000000658561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166cf9e0a5299a712021-12-21 12:22:48.696root 11241100x8000000000000000658562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f100ae69fcdab812021-12-21 12:22:48.696root 11241100x8000000000000000658563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e19b1faba18530c2021-12-21 12:22:48.696root 11241100x8000000000000000658564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a03318b141282512021-12-21 12:22:48.696root 11241100x8000000000000000658565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d15f5fbb5f6b322021-12-21 12:22:48.696root 11241100x8000000000000000658566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20c3cc24da3e3f92021-12-21 12:22:48.696root 11241100x8000000000000000658567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8b30f548ac43242021-12-21 12:22:48.696root 11241100x8000000000000000658568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d06b9030f33bed2021-12-21 12:22:49.193root 11241100x8000000000000000658569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13997eedb9f8e2452021-12-21 12:22:49.193root 11241100x8000000000000000658570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5887625ea0c0c82021-12-21 12:22:49.193root 11241100x8000000000000000658571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16a074bca0028cb2021-12-21 12:22:49.193root 11241100x8000000000000000658572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135b1e9a6cc096ce2021-12-21 12:22:49.193root 11241100x8000000000000000658573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f5fa4214b935222021-12-21 12:22:49.193root 11241100x8000000000000000658574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e8059e3c2831732021-12-21 12:22:49.193root 11241100x8000000000000000658575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe6b8f99d38ddb72021-12-21 12:22:49.193root 11241100x8000000000000000658576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc9472f4d54027d2021-12-21 12:22:49.193root 11241100x8000000000000000658577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d3664099f527ed2021-12-21 12:22:49.193root 11241100x8000000000000000658578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffee0e820ea02c4a2021-12-21 12:22:49.193root 11241100x8000000000000000658579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921141be8d2a1b572021-12-21 12:22:49.194root 11241100x8000000000000000658580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fcadb672fe38c42021-12-21 12:22:49.194root 11241100x8000000000000000658581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff311c4567fe79b2021-12-21 12:22:49.194root 11241100x8000000000000000658582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b46f9b5bc0c6a3b2021-12-21 12:22:49.194root 11241100x8000000000000000658583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb81ad7dedf78f242021-12-21 12:22:49.194root 11241100x8000000000000000658584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a137d64dd986e7562021-12-21 12:22:49.194root 11241100x8000000000000000658585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1875b16a13a1820d2021-12-21 12:22:49.194root 11241100x8000000000000000658586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8f0103476579342021-12-21 12:22:49.194root 11241100x8000000000000000658587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d0a9570a2107102021-12-21 12:22:49.195root 11241100x8000000000000000658588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea307b3b22728cb2021-12-21 12:22:49.195root 11241100x8000000000000000658589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4548c40339cf514e2021-12-21 12:22:49.195root 11241100x8000000000000000658590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8774be6d8181cf12021-12-21 12:22:49.195root 11241100x8000000000000000658591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d8c2775d974f0a2021-12-21 12:22:49.195root 11241100x8000000000000000658592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108f615fd7c300eb2021-12-21 12:22:49.195root 11241100x8000000000000000658593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b065ade5ff430e2021-12-21 12:22:49.195root 11241100x8000000000000000658594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7951457b0d1edd3e2021-12-21 12:22:49.195root 11241100x8000000000000000658595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c993bf58e428e79d2021-12-21 12:22:49.195root 11241100x8000000000000000658596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3040d2465a04ac922021-12-21 12:22:49.196root 11241100x8000000000000000658597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c0685006f9e83a2021-12-21 12:22:49.196root 11241100x8000000000000000658598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d2ba58771149e72021-12-21 12:22:49.196root 11241100x8000000000000000658599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed755fc09160cfb62021-12-21 12:22:49.693root 11241100x8000000000000000658600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249da93048760f202021-12-21 12:22:49.693root 11241100x8000000000000000658601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f26d405510fdda2021-12-21 12:22:49.694root 11241100x8000000000000000658602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1609e3db3dd0bf82021-12-21 12:22:49.694root 11241100x8000000000000000658603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ddbb48b5f754532021-12-21 12:22:49.694root 11241100x8000000000000000658604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a519f3998d62772021-12-21 12:22:49.694root 11241100x8000000000000000658605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56c8fc06a90449a2021-12-21 12:22:49.694root 11241100x8000000000000000658606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56183e9a6236d4fe2021-12-21 12:22:49.694root 11241100x8000000000000000658607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f3d7198df58d592021-12-21 12:22:49.694root 11241100x8000000000000000658608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a38e9f1a387eadf2021-12-21 12:22:49.694root 11241100x8000000000000000658609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e347a568ee583c2b2021-12-21 12:22:49.694root 11241100x8000000000000000658610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31906094cf00f6d2021-12-21 12:22:49.694root 11241100x8000000000000000658611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a5e25d74aee98e2021-12-21 12:22:49.694root 11241100x8000000000000000658612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b4e7ba4f4aaa272021-12-21 12:22:49.694root 11241100x8000000000000000658613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e2b601862736162021-12-21 12:22:49.694root 11241100x8000000000000000658614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20191ef5a778d16e2021-12-21 12:22:49.694root 11241100x8000000000000000658615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff188468e04d1872021-12-21 12:22:49.694root 11241100x8000000000000000658616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e8bbf762f889222021-12-21 12:22:49.695root 11241100x8000000000000000658617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea2660d3347f3842021-12-21 12:22:49.695root 11241100x8000000000000000658618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1456b61851bf931f2021-12-21 12:22:49.695root 11241100x8000000000000000658619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a37b2bfa29245fd2021-12-21 12:22:49.695root 11241100x8000000000000000658620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd343254e2035f62021-12-21 12:22:49.695root 11241100x8000000000000000658621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a7e33148f2d4862021-12-21 12:22:49.695root 11241100x8000000000000000658622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf49c6e29ddb6ff2021-12-21 12:22:49.695root 11241100x8000000000000000658623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51659ca9b2c78f12021-12-21 12:22:49.695root 11241100x8000000000000000658624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30166cb42fae9eaf2021-12-21 12:22:49.695root 11241100x8000000000000000658625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74e28f07a4cc1cb2021-12-21 12:22:49.695root 11241100x8000000000000000658626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a51fbe8b4223982021-12-21 12:22:49.695root 11241100x8000000000000000658627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9559584bd61325242021-12-21 12:22:49.696root 11241100x8000000000000000658628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e295a334908d6f2021-12-21 12:22:50.193root 11241100x8000000000000000658629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3b3c76c218ec292021-12-21 12:22:50.193root 11241100x8000000000000000658630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2aea235bc9102912021-12-21 12:22:50.193root 11241100x8000000000000000658631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eac3a92e419b2f62021-12-21 12:22:50.193root 11241100x8000000000000000658632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ef133ceb2cdc252021-12-21 12:22:50.193root 11241100x8000000000000000658633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881da663bc26cf6d2021-12-21 12:22:50.193root 11241100x8000000000000000658634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b8bf9f17a60d782021-12-21 12:22:50.193root 11241100x8000000000000000658635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cacdef4521e5ac52021-12-21 12:22:50.193root 11241100x8000000000000000658636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5331a8f95558d15d2021-12-21 12:22:50.193root 11241100x8000000000000000658637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994ccc6640a84e342021-12-21 12:22:50.194root 11241100x8000000000000000658638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e8e08fb84d3e5c2021-12-21 12:22:50.194root 11241100x8000000000000000658639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41139e1571046e3f2021-12-21 12:22:50.194root 11241100x8000000000000000658640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5246d663945a982021-12-21 12:22:50.194root 11241100x8000000000000000658641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6b3f5fe5ea588f2021-12-21 12:22:50.194root 11241100x8000000000000000658642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736777e01fba65c82021-12-21 12:22:50.194root 11241100x8000000000000000658643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a684004fb7d19572021-12-21 12:22:50.194root 11241100x8000000000000000658644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6cdf82be2593212021-12-21 12:22:50.194root 11241100x8000000000000000658645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9af36960c9ada32021-12-21 12:22:50.194root 11241100x8000000000000000658646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf038b06d7847b012021-12-21 12:22:50.194root 11241100x8000000000000000658647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f675609f6025a37f2021-12-21 12:22:50.194root 11241100x8000000000000000658648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c535467c1f2a20582021-12-21 12:22:50.195root 11241100x8000000000000000658649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6322489948e48b742021-12-21 12:22:50.195root 11241100x8000000000000000658650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6a36ffc8a7dbd52021-12-21 12:22:50.195root 11241100x8000000000000000658651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48697a5f44b946d42021-12-21 12:22:50.195root 11241100x8000000000000000658652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55b9c1e4b2ec6a42021-12-21 12:22:50.195root 11241100x8000000000000000658653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec90d49fd2526c5f2021-12-21 12:22:50.195root 11241100x8000000000000000658654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69818d644bbbc272021-12-21 12:22:50.195root 11241100x8000000000000000658655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bffee172fb36ea2021-12-21 12:22:50.196root 11241100x8000000000000000658656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef202a3ce805ffdd2021-12-21 12:22:50.196root 11241100x8000000000000000658657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca07393db9fd1c872021-12-21 12:22:50.196root 11241100x8000000000000000658658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d97d221459701492021-12-21 12:22:50.693root 11241100x8000000000000000658659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7cdf8286d8f06e2021-12-21 12:22:50.693root 11241100x8000000000000000658660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95e7f5a95c3473b2021-12-21 12:22:50.693root 11241100x8000000000000000658661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac7b1c25d367e4f2021-12-21 12:22:50.693root 11241100x8000000000000000658662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457f37725fd250442021-12-21 12:22:50.693root 11241100x8000000000000000658663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d6762435d4aab62021-12-21 12:22:50.693root 11241100x8000000000000000658664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01e9c163c1f0f1f2021-12-21 12:22:50.693root 11241100x8000000000000000658665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b93c10c4d0db4482021-12-21 12:22:50.693root 11241100x8000000000000000658666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60af590cc25c67482021-12-21 12:22:50.693root 11241100x8000000000000000658667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b652adade6cc37f2021-12-21 12:22:50.693root 11241100x8000000000000000658668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97db4c9cf93397e02021-12-21 12:22:50.694root 11241100x8000000000000000658669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9319b4f76cfe22312021-12-21 12:22:50.694root 11241100x8000000000000000658670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108fd0d7f9e8b20a2021-12-21 12:22:50.694root 11241100x8000000000000000658671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fa2d97acc2877f2021-12-21 12:22:50.694root 11241100x8000000000000000658672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bd39ff85ef2e6a2021-12-21 12:22:50.694root 11241100x8000000000000000658673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d7e9922f48bd532021-12-21 12:22:50.694root 11241100x8000000000000000658674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6877262798eb92982021-12-21 12:22:50.694root 11241100x8000000000000000658675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d54285cf92385742021-12-21 12:22:50.694root 11241100x8000000000000000658676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7b7bab90ab08282021-12-21 12:22:50.694root 11241100x8000000000000000658677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd27ddeaf2840bf2021-12-21 12:22:50.694root 11241100x8000000000000000658678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cfe2ab041e371c2021-12-21 12:22:50.694root 11241100x8000000000000000658679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a23648f694880aa2021-12-21 12:22:50.694root 11241100x8000000000000000658680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4aa30942fe946b2021-12-21 12:22:50.695root 11241100x8000000000000000658681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841b54240522aefb2021-12-21 12:22:50.695root 11241100x8000000000000000658682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06a830d19cbcc1b2021-12-21 12:22:50.695root 11241100x8000000000000000658683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5940af5ad16076622021-12-21 12:22:50.695root 11241100x8000000000000000658684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d399da84913d242021-12-21 12:22:50.695root 11241100x8000000000000000658685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda0b5109470e10c2021-12-21 12:22:50.695root 11241100x8000000000000000658686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255145d96b1186ec2021-12-21 12:22:50.695root 11241100x8000000000000000658687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2527bb02c694c1a2021-12-21 12:22:50.695root 11241100x8000000000000000658688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc39036b4ca31dc22021-12-21 12:22:50.695root 11241100x8000000000000000658689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b84a9fb1560c2cd2021-12-21 12:22:50.696root 11241100x8000000000000000658690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a041d5cbfce28e232021-12-21 12:22:51.193root 11241100x8000000000000000658691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0787ebb5344a492021-12-21 12:22:51.194root 11241100x8000000000000000658692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece42ab7c99b34472021-12-21 12:22:51.194root 11241100x8000000000000000658693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb321cd539245132021-12-21 12:22:51.194root 11241100x8000000000000000658694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a626ac760e1b8892021-12-21 12:22:51.194root 11241100x8000000000000000658695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f6e65357a3a3822021-12-21 12:22:51.194root 11241100x8000000000000000658696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d510c1328fec07e42021-12-21 12:22:51.195root 11241100x8000000000000000658697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605adb177724c6a42021-12-21 12:22:51.195root 11241100x8000000000000000658698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc5fd3a0679633f2021-12-21 12:22:51.195root 11241100x8000000000000000658699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3698cdbd2f143d2021-12-21 12:22:51.195root 11241100x8000000000000000658700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410ab23f9039921b2021-12-21 12:22:51.195root 11241100x8000000000000000658701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae44e1d8a73bbe22021-12-21 12:22:51.195root 11241100x8000000000000000658702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75eedba156f6c9f2021-12-21 12:22:51.196root 11241100x8000000000000000658703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c10c081bd77ca952021-12-21 12:22:51.196root 11241100x8000000000000000658704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b217412c1ea124592021-12-21 12:22:51.196root 11241100x8000000000000000658705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302ab5607c23a0b82021-12-21 12:22:51.196root 11241100x8000000000000000658706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a018481a7b68253a2021-12-21 12:22:51.196root 11241100x8000000000000000658707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa47f702945a86882021-12-21 12:22:51.196root 11241100x8000000000000000658708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2251690873f568ce2021-12-21 12:22:51.196root 11241100x8000000000000000658709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39171b095051af5f2021-12-21 12:22:51.197root 11241100x8000000000000000658710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b704d499d9f3d672021-12-21 12:22:51.197root 11241100x8000000000000000658711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e78ecea79363222021-12-21 12:22:51.197root 11241100x8000000000000000658712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59192f33334c49a92021-12-21 12:22:51.197root 11241100x8000000000000000658713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98ca594b60ff3002021-12-21 12:22:51.197root 11241100x8000000000000000658714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80abbf8819674112021-12-21 12:22:51.197root 11241100x8000000000000000658715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9e6f60924227eb2021-12-21 12:22:51.198root 11241100x8000000000000000658716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaf463a5ac728cd2021-12-21 12:22:51.198root 11241100x8000000000000000658717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176d88fbe7328f6d2021-12-21 12:22:51.198root 11241100x8000000000000000658718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c99e8a0597b2ffa2021-12-21 12:22:51.198root 11241100x8000000000000000658719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2727e8880b64472021-12-21 12:22:51.693root 11241100x8000000000000000658720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e57b4c9f54792bf2021-12-21 12:22:51.693root 11241100x8000000000000000658721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ef8d9e246473702021-12-21 12:22:51.693root 11241100x8000000000000000658722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3875255ea9f691a62021-12-21 12:22:51.693root 11241100x8000000000000000658723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cde69d7866022a2021-12-21 12:22:51.693root 11241100x8000000000000000658724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abf80b8b93481432021-12-21 12:22:51.694root 11241100x8000000000000000658725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ca8da8b53201e22021-12-21 12:22:51.694root 11241100x8000000000000000658726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711cf100c0d956cd2021-12-21 12:22:51.694root 11241100x8000000000000000658727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a2d3d5f65d859d2021-12-21 12:22:51.695root 11241100x8000000000000000658728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7036820e70f357c2021-12-21 12:22:51.695root 11241100x8000000000000000658729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e37b0eb98699e202021-12-21 12:22:51.695root 11241100x8000000000000000658730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ea036ec81dd72f2021-12-21 12:22:51.695root 11241100x8000000000000000658731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6277617f5757f5ea2021-12-21 12:22:51.696root 11241100x8000000000000000658732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381a3f4e014393552021-12-21 12:22:51.696root 11241100x8000000000000000658733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9044e4e0b5b12532021-12-21 12:22:51.697root 11241100x8000000000000000658734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3478b347359bbe202021-12-21 12:22:51.697root 11241100x8000000000000000658735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca969c446cb545572021-12-21 12:22:51.697root 11241100x8000000000000000658736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b823e36d1677dd42021-12-21 12:22:51.697root 11241100x8000000000000000658737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0db07ac6d93e642021-12-21 12:22:51.697root 11241100x8000000000000000658738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7d632820093e0d2021-12-21 12:22:51.698root 11241100x8000000000000000658739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c126ae3ecfb99d622021-12-21 12:22:51.698root 11241100x8000000000000000658740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537100737178da682021-12-21 12:22:51.698root 11241100x8000000000000000658741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f34eed6496932cb2021-12-21 12:22:51.699root 11241100x8000000000000000658742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aada8023b214c592021-12-21 12:22:51.699root 11241100x8000000000000000658743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5a746017155e1c2021-12-21 12:22:51.699root 11241100x8000000000000000658744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1c387c12a7a56d2021-12-21 12:22:51.700root 11241100x8000000000000000658745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b135563784d86ab92021-12-21 12:22:51.700root 11241100x8000000000000000658746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab8a1f7632257fd2021-12-21 12:22:51.700root 11241100x8000000000000000658747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0240e30661a4f95f2021-12-21 12:22:51.700root 11241100x8000000000000000658748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90438393a6ee6622021-12-21 12:22:51.701root 11241100x8000000000000000658749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7a1e143ba3a02d2021-12-21 12:22:51.701root 11241100x8000000000000000658750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9f7b02c92a9c962021-12-21 12:22:51.702root 11241100x8000000000000000658751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72553a01d290c20e2021-12-21 12:22:51.706root 11241100x8000000000000000658752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:51.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b266550b5165ba2021-12-21 12:22:51.706root 11241100x8000000000000000658753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da46966f64a1c8d2021-12-21 12:22:52.193root 11241100x8000000000000000658754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b07e3eeddaab4072021-12-21 12:22:52.193root 11241100x8000000000000000658755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6f444869d8e9852021-12-21 12:22:52.194root 11241100x8000000000000000658756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf754ec9753df73b2021-12-21 12:22:52.194root 11241100x8000000000000000658757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27d175a7fe5b3632021-12-21 12:22:52.194root 11241100x8000000000000000658758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0eae5465b5c7592021-12-21 12:22:52.194root 11241100x8000000000000000658759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0c085448beb8b52021-12-21 12:22:52.194root 11241100x8000000000000000658760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0066975479856f162021-12-21 12:22:52.194root 11241100x8000000000000000658761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b96355f9e19994d2021-12-21 12:22:52.195root 11241100x8000000000000000658762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f238b1d43ceab9c2021-12-21 12:22:52.195root 11241100x8000000000000000658763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d14eafc91cc9fc82021-12-21 12:22:52.195root 11241100x8000000000000000658764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687b7e84b1b24c732021-12-21 12:22:52.195root 11241100x8000000000000000658765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3332abe33d76b12021-12-21 12:22:52.195root 11241100x8000000000000000658766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2f4ced7831c0d82021-12-21 12:22:52.195root 11241100x8000000000000000658767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc96e1d574797fb2021-12-21 12:22:52.195root 11241100x8000000000000000658768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0fdcf99400c7042021-12-21 12:22:52.195root 11241100x8000000000000000658769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cecf204f9540d52021-12-21 12:22:52.196root 11241100x8000000000000000658770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2e52789c275c9c2021-12-21 12:22:52.196root 11241100x8000000000000000658771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd45157a892fa3232021-12-21 12:22:52.196root 11241100x8000000000000000658772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8beb3557a258542021-12-21 12:22:52.196root 11241100x8000000000000000658773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95468f7d5fbf88e92021-12-21 12:22:52.196root 11241100x8000000000000000658774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdf20b8a6e666c92021-12-21 12:22:52.196root 11241100x8000000000000000658775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc8fc26103f29c12021-12-21 12:22:52.196root 11241100x8000000000000000658776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a451a3621b2437b2021-12-21 12:22:52.196root 11241100x8000000000000000658777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a7570a6c25b0bb2021-12-21 12:22:52.196root 11241100x8000000000000000658778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f339f853c8c491f22021-12-21 12:22:52.197root 11241100x8000000000000000658779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713f1a0a99b4e7452021-12-21 12:22:52.197root 11241100x8000000000000000658780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e5dd9f7453c1762021-12-21 12:22:52.197root 11241100x8000000000000000658781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bc4dcd1943cdc62021-12-21 12:22:52.197root 11241100x8000000000000000658782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c39e8c7bda5d6b2021-12-21 12:22:52.693root 11241100x8000000000000000658783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884148f5e01cc53c2021-12-21 12:22:52.693root 11241100x8000000000000000658784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6980fd69b247862021-12-21 12:22:52.693root 11241100x8000000000000000658785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cebda5ca4099662021-12-21 12:22:52.694root 11241100x8000000000000000658786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec162ad1ad433db2021-12-21 12:22:52.694root 11241100x8000000000000000658787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66acd13d9021a7042021-12-21 12:22:52.694root 11241100x8000000000000000658788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328129bb178482942021-12-21 12:22:52.694root 11241100x8000000000000000658789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6669f18529d9393e2021-12-21 12:22:52.694root 11241100x8000000000000000658790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca0b02c1b9c19592021-12-21 12:22:52.694root 11241100x8000000000000000658791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46d4602d108747d2021-12-21 12:22:52.694root 11241100x8000000000000000658792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6e8f66aed677c52021-12-21 12:22:52.694root 11241100x8000000000000000658793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108da86db2075aa52021-12-21 12:22:52.694root 11241100x8000000000000000658794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8e52d916fd485f2021-12-21 12:22:52.694root 11241100x8000000000000000658795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52761a439d4e63112021-12-21 12:22:52.694root 11241100x8000000000000000658796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72d399b75aab50f2021-12-21 12:22:52.694root 11241100x8000000000000000658797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6db0647675288c42021-12-21 12:22:52.694root 11241100x8000000000000000658798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3bf4a39a25e7102021-12-21 12:22:52.694root 11241100x8000000000000000658799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e307d468343d22202021-12-21 12:22:52.694root 11241100x8000000000000000658800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d9a129ea9767d72021-12-21 12:22:52.695root 11241100x8000000000000000658801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4aaf8aa72b300f2021-12-21 12:22:52.695root 11241100x8000000000000000658802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6454a47c895e714b2021-12-21 12:22:52.695root 11241100x8000000000000000658803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcede99f631993eb2021-12-21 12:22:52.695root 11241100x8000000000000000658804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee9fe55df6be7982021-12-21 12:22:52.695root 11241100x8000000000000000658805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320ed18e6e28ccf82021-12-21 12:22:52.695root 11241100x8000000000000000658806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b355dcbd780e516a2021-12-21 12:22:52.695root 11241100x8000000000000000658807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4c23663b247c022021-12-21 12:22:52.695root 11241100x8000000000000000658808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a02b2fa611ee5e2021-12-21 12:22:52.695root 11241100x8000000000000000658809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1409afedb509f72021-12-21 12:22:52.695root 11241100x8000000000000000658810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acb4d8efd0673e72021-12-21 12:22:52.695root 354300x8000000000000000658811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.075{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49904-false10.0.1.12-8000- 11241100x8000000000000000658812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.076{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa46fd941f7e9c362021-12-21 12:22:53.076root 11241100x8000000000000000658813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.076{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017fe96709758d662021-12-21 12:22:53.076root 11241100x8000000000000000658814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.076{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b2781a434a1ae72021-12-21 12:22:53.076root 11241100x8000000000000000658815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.076{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55f8ef4bb91cabf2021-12-21 12:22:53.076root 11241100x8000000000000000658816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.076{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b247806512243b002021-12-21 12:22:53.076root 11241100x8000000000000000658817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.076{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf44d3a1ce5b3a72021-12-21 12:22:53.076root 11241100x8000000000000000658818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32debd896d64c1d2021-12-21 12:22:53.077root 11241100x8000000000000000658819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cc89b015202de72021-12-21 12:22:53.077root 11241100x8000000000000000658820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f4006fcdec0cad2021-12-21 12:22:53.077root 11241100x8000000000000000658821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d232b62babd1bc2021-12-21 12:22:53.077root 11241100x8000000000000000658822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c91911a1f9f7332021-12-21 12:22:53.077root 11241100x8000000000000000658823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e79007e1f7cf4722021-12-21 12:22:53.077root 11241100x8000000000000000658824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af1537a9bedc8772021-12-21 12:22:53.077root 11241100x8000000000000000658825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e578bc2997b984a52021-12-21 12:22:53.077root 11241100x8000000000000000658826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2029f5c5586abf2021-12-21 12:22:53.077root 11241100x8000000000000000658827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9462dd9badd31c812021-12-21 12:22:53.077root 11241100x8000000000000000658828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156241723e47e6c52021-12-21 12:22:53.078root 11241100x8000000000000000658829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868806109259d3f22021-12-21 12:22:53.078root 11241100x8000000000000000658830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c821d3adf042d48f2021-12-21 12:22:53.078root 11241100x8000000000000000658831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c30b494257ce0882021-12-21 12:22:53.078root 11241100x8000000000000000658832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030d15ff173e8e432021-12-21 12:22:53.078root 11241100x8000000000000000658833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1148d86cec956fb2021-12-21 12:22:53.078root 11241100x8000000000000000658834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462f9308a1dd23612021-12-21 12:22:53.078root 11241100x8000000000000000658835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b5bbf9c89ca42b2021-12-21 12:22:53.078root 11241100x8000000000000000658836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54923e3795c30ff2021-12-21 12:22:53.078root 11241100x8000000000000000658837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.079{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0143d200208e18642021-12-21 12:22:53.079root 11241100x8000000000000000658838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a8db46bcf35eb12021-12-21 12:22:53.080root 11241100x8000000000000000658839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaf69cd85109bed2021-12-21 12:22:53.080root 11241100x8000000000000000658840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767da54787a60e552021-12-21 12:22:53.080root 11241100x8000000000000000658841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b25c4e02b859872021-12-21 12:22:53.080root 11241100x8000000000000000658842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69e267c8b1c45172021-12-21 12:22:53.081root 11241100x8000000000000000658843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fcb5a3ee303a8d2021-12-21 12:22:53.081root 11241100x8000000000000000658844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f296087bdbdc522021-12-21 12:22:53.081root 11241100x8000000000000000658845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b93d555bdcdca742021-12-21 12:22:53.081root 11241100x8000000000000000658846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3651094a661d5d7a2021-12-21 12:22:53.081root 11241100x8000000000000000658847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62428dba21f35fc2021-12-21 12:22:53.081root 11241100x8000000000000000658848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72a375992e9faa62021-12-21 12:22:53.081root 11241100x8000000000000000658849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2359ba12f8c86142021-12-21 12:22:53.082root 11241100x8000000000000000658850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fd4be7e90356e22021-12-21 12:22:53.082root 11241100x8000000000000000658851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0201bf496af3d9f02021-12-21 12:22:53.082root 11241100x8000000000000000658852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc09a3f22a74c202021-12-21 12:22:53.082root 11241100x8000000000000000658853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85740e2ec9bf67bc2021-12-21 12:22:53.082root 11241100x8000000000000000658854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4d7e5c5798ab6e2021-12-21 12:22:53.082root 11241100x8000000000000000658855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c360d1261b4add92021-12-21 12:22:53.082root 11241100x8000000000000000658856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab38d8b70913214d2021-12-21 12:22:53.082root 11241100x8000000000000000658857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c66c4772d39cf72021-12-21 12:22:53.083root 11241100x8000000000000000658858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13841f09ab69e9f62021-12-21 12:22:53.083root 11241100x8000000000000000658859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1f74a5e2255f092021-12-21 12:22:53.083root 11241100x8000000000000000658860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8929f183e44a2d62021-12-21 12:22:53.083root 11241100x8000000000000000658861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065883a70c2c96422021-12-21 12:22:53.083root 11241100x8000000000000000658862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78fe15057b2e4962021-12-21 12:22:53.083root 11241100x8000000000000000658863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f3dd7f7ae2ffe92021-12-21 12:22:53.084root 11241100x8000000000000000658864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3536d121165d948f2021-12-21 12:22:53.084root 11241100x8000000000000000658865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164d6f9a10c79eb52021-12-21 12:22:53.443root 11241100x8000000000000000658866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9bcb92b652ff542021-12-21 12:22:53.443root 11241100x8000000000000000658867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d8f35444c08b2e2021-12-21 12:22:53.443root 11241100x8000000000000000658868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c531eeb860a97f2021-12-21 12:22:53.443root 11241100x8000000000000000658869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fc46c81b2955da2021-12-21 12:22:53.443root 11241100x8000000000000000658870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef818a81fb3afa02021-12-21 12:22:53.443root 11241100x8000000000000000658871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d297155c43ed24742021-12-21 12:22:53.443root 11241100x8000000000000000658872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e7d12c67c8b03c2021-12-21 12:22:53.444root 11241100x8000000000000000658873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3019667453aa9e22021-12-21 12:22:53.444root 11241100x8000000000000000658874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9d31961ad0dd072021-12-21 12:22:53.444root 11241100x8000000000000000658875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d252e2ac214b3bf2021-12-21 12:22:53.444root 11241100x8000000000000000658876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfcd082e1c7d9722021-12-21 12:22:53.444root 11241100x8000000000000000658877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973f5897568255f32021-12-21 12:22:53.444root 11241100x8000000000000000658878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000380937d4476ac2021-12-21 12:22:53.444root 11241100x8000000000000000658879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1924944c7a3d9bf52021-12-21 12:22:53.444root 11241100x8000000000000000658880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad3e8549b22b2212021-12-21 12:22:53.444root 11241100x8000000000000000658881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0cdb41f0cd613f2021-12-21 12:22:53.444root 11241100x8000000000000000658882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de230f18d051f7c2021-12-21 12:22:53.444root 11241100x8000000000000000658883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30b30e88d3e9c652021-12-21 12:22:53.444root 11241100x8000000000000000658884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366b7c04d16724da2021-12-21 12:22:53.445root 11241100x8000000000000000658885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcba2ca6ba8cc382021-12-21 12:22:53.445root 11241100x8000000000000000658886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f322052bea6140932021-12-21 12:22:53.445root 11241100x8000000000000000658887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6422538f8acac4a02021-12-21 12:22:53.445root 11241100x8000000000000000658888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117dced37df057c62021-12-21 12:22:53.445root 11241100x8000000000000000658889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29234c5b9d5b42a92021-12-21 12:22:53.445root 11241100x8000000000000000658890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200e7108054ca36a2021-12-21 12:22:53.445root 11241100x8000000000000000658891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fd4805db2e44a32021-12-21 12:22:53.445root 11241100x8000000000000000658892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cea20c602fa0412021-12-21 12:22:53.445root 11241100x8000000000000000658893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01b0796dd582ea72021-12-21 12:22:53.445root 11241100x8000000000000000658894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13158340344fed1f2021-12-21 12:22:53.445root 11241100x8000000000000000658895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01fcd271e0b67ba2021-12-21 12:22:53.445root 11241100x8000000000000000658896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65c9fc930030f1f2021-12-21 12:22:53.446root 11241100x8000000000000000658897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa675343b77462d02021-12-21 12:22:53.446root 11241100x8000000000000000658898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73817819e5a7d512021-12-21 12:22:53.446root 11241100x8000000000000000658899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dacf5372f091092021-12-21 12:22:53.446root 11241100x8000000000000000658900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0c90e855baa8892021-12-21 12:22:53.446root 11241100x8000000000000000658901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237dc7fa14eac3f12021-12-21 12:22:53.943root 11241100x8000000000000000658902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5f011145cd0b282021-12-21 12:22:53.943root 11241100x8000000000000000658903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8881b6d7131079822021-12-21 12:22:53.943root 11241100x8000000000000000658904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62527b0cf4fa6ee42021-12-21 12:22:53.944root 11241100x8000000000000000658905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d78e619586cdec2021-12-21 12:22:53.944root 11241100x8000000000000000658906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f8437e534a0ea62021-12-21 12:22:53.944root 11241100x8000000000000000658907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d735a9431334a52021-12-21 12:22:53.944root 11241100x8000000000000000658908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa40200b3d54d3d2021-12-21 12:22:53.944root 11241100x8000000000000000658909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2143c97b91db262021-12-21 12:22:53.944root 11241100x8000000000000000658910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddd60b139cea58f2021-12-21 12:22:53.944root 11241100x8000000000000000658911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281ce4b815cae4fc2021-12-21 12:22:53.944root 11241100x8000000000000000658912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e301f10113e1ef302021-12-21 12:22:53.944root 11241100x8000000000000000658913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65f52b13e2221082021-12-21 12:22:53.944root 11241100x8000000000000000658914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154ec42c42be77762021-12-21 12:22:53.944root 11241100x8000000000000000658915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efe0d6f0a8edef72021-12-21 12:22:53.945root 11241100x8000000000000000658916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca31a2a2754c0692021-12-21 12:22:53.945root 11241100x8000000000000000658917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4af6c59736bc1122021-12-21 12:22:53.945root 11241100x8000000000000000658918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089b1a1512b09aa32021-12-21 12:22:53.945root 11241100x8000000000000000658919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb036cb73dddbcb2021-12-21 12:22:53.945root 11241100x8000000000000000658920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5205cb141291a12021-12-21 12:22:53.945root 11241100x8000000000000000658921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52e1ed7a52e0f3a2021-12-21 12:22:53.945root 11241100x8000000000000000658922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2e4dcf85e45d7c2021-12-21 12:22:53.945root 11241100x8000000000000000658923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36790f92a8e4ceb02021-12-21 12:22:53.945root 11241100x8000000000000000658924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc5f43ba24c44d32021-12-21 12:22:53.945root 11241100x8000000000000000658925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee62a1d4eb3d6a2f2021-12-21 12:22:53.945root 11241100x8000000000000000658926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1869466c9789ab922021-12-21 12:22:53.945root 11241100x8000000000000000658927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c54ee3d351e43d2021-12-21 12:22:53.946root 11241100x8000000000000000658928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca45cc8aa9a0fbee2021-12-21 12:22:53.946root 11241100x8000000000000000658929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f19274496e1bbd2021-12-21 12:22:53.946root 11241100x8000000000000000658930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ab66f8c22f93a22021-12-21 12:22:53.946root 11241100x8000000000000000658931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f8044b6f49c2232021-12-21 12:22:53.946root 11241100x8000000000000000658932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a88c2af6e4874c2021-12-21 12:22:53.946root 11241100x8000000000000000658933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c760b685c06cc32021-12-21 12:22:53.946root 11241100x8000000000000000658934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e884ebaca5945a2021-12-21 12:22:54.443root 11241100x8000000000000000658935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3da7882b3323be2021-12-21 12:22:54.443root 11241100x8000000000000000658936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcda88be5b94157d2021-12-21 12:22:54.443root 11241100x8000000000000000658937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679ce46e28c582082021-12-21 12:22:54.443root 11241100x8000000000000000658938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01aeba6ae00a4dd2021-12-21 12:22:54.444root 11241100x8000000000000000658939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bcb5a450ad1c7a2021-12-21 12:22:54.444root 11241100x8000000000000000658940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86be7a59e4d0a02b2021-12-21 12:22:54.444root 11241100x8000000000000000658941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2eee0c594bac5c2021-12-21 12:22:54.444root 11241100x8000000000000000658942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef27f3f0d43cfbe2021-12-21 12:22:54.444root 11241100x8000000000000000658943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b871b8d83d8fb92021-12-21 12:22:54.444root 11241100x8000000000000000658944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7074eb56f58ab8c2021-12-21 12:22:54.444root 11241100x8000000000000000658945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730258f1dd6b399e2021-12-21 12:22:54.444root 11241100x8000000000000000658946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c071dd46c4d645bf2021-12-21 12:22:54.444root 11241100x8000000000000000658947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5244fa52357e372021-12-21 12:22:54.444root 11241100x8000000000000000658948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c114d66f6eba728e2021-12-21 12:22:54.444root 11241100x8000000000000000658949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e6495756fedac92021-12-21 12:22:54.444root 11241100x8000000000000000658950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9cfb01c5967cdb2021-12-21 12:22:54.444root 11241100x8000000000000000658951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2acf38089597e52021-12-21 12:22:54.444root 11241100x8000000000000000658952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c495b380d5b07612021-12-21 12:22:54.444root 11241100x8000000000000000658953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2317c74a401dd99d2021-12-21 12:22:54.444root 11241100x8000000000000000658954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc1808303f1e3a42021-12-21 12:22:54.445root 11241100x8000000000000000658955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91521acaa08f3e0b2021-12-21 12:22:54.445root 11241100x8000000000000000658956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62ed9c85d8b78c12021-12-21 12:22:54.445root 11241100x8000000000000000658957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751e080df871a4a12021-12-21 12:22:54.445root 11241100x8000000000000000658958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e2eb7628e4e9ff2021-12-21 12:22:54.445root 11241100x8000000000000000658959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f692f9e3b0f0bea52021-12-21 12:22:54.445root 11241100x8000000000000000658960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b89b519b888b3a72021-12-21 12:22:54.445root 11241100x8000000000000000658961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a585cc3c2a7f7b72021-12-21 12:22:54.445root 11241100x8000000000000000658962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45429f4e3f3a2af92021-12-21 12:22:54.445root 11241100x8000000000000000658963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6c993d7cc331922021-12-21 12:22:54.445root 11241100x8000000000000000658964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4a32f77778b94d2021-12-21 12:22:54.943root 11241100x8000000000000000658965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ebc305317f28362021-12-21 12:22:54.943root 11241100x8000000000000000658966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7fec718414d87a2021-12-21 12:22:54.943root 11241100x8000000000000000658967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b406b82e40057fff2021-12-21 12:22:54.944root 11241100x8000000000000000658968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add899e8729dd2f12021-12-21 12:22:54.944root 11241100x8000000000000000658969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86904ff56f369d8b2021-12-21 12:22:54.944root 11241100x8000000000000000658970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158a4cef17f6ce052021-12-21 12:22:54.944root 11241100x8000000000000000658971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef606543090e44772021-12-21 12:22:54.944root 11241100x8000000000000000658972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da4135824224ef92021-12-21 12:22:54.944root 11241100x8000000000000000658973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4213bf06988399932021-12-21 12:22:54.944root 11241100x8000000000000000658974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083eefbf4c8263e32021-12-21 12:22:54.944root 11241100x8000000000000000658975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea81e28cf783028e2021-12-21 12:22:54.944root 11241100x8000000000000000658976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74dbe8bf76c1e0b42021-12-21 12:22:54.945root 11241100x8000000000000000658977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928a8c31e05e82632021-12-21 12:22:54.945root 11241100x8000000000000000658978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d622cd9c97ac6362021-12-21 12:22:54.945root 11241100x8000000000000000658979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1add99e591fecd8d2021-12-21 12:22:54.945root 11241100x8000000000000000658980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a529678de271012021-12-21 12:22:54.945root 11241100x8000000000000000658981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73524e1a5118eeb2021-12-21 12:22:54.945root 11241100x8000000000000000658982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee78678c66cf3da62021-12-21 12:22:54.945root 11241100x8000000000000000658983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d833a6b7a94740072021-12-21 12:22:54.945root 11241100x8000000000000000658984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a05eee0196c1cd42021-12-21 12:22:54.945root 11241100x8000000000000000658985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92fb71fd0ecbae22021-12-21 12:22:54.946root 11241100x8000000000000000658986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714808ef2f61ac6a2021-12-21 12:22:54.946root 11241100x8000000000000000658987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7a7f99bceace2d2021-12-21 12:22:54.946root 11241100x8000000000000000658988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8e68b5fae41c872021-12-21 12:22:54.946root 11241100x8000000000000000658989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bafcc387c492f02021-12-21 12:22:54.946root 11241100x8000000000000000658990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3aa65f9bb2b5242021-12-21 12:22:54.946root 11241100x8000000000000000658991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6bc42a510dcf422021-12-21 12:22:54.946root 11241100x8000000000000000658992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a4fd37a02f4c3e2021-12-21 12:22:54.946root 11241100x8000000000000000658993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c4c16f0533f4582021-12-21 12:22:54.946root 11241100x8000000000000000658994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf38dbe8200ef35b2021-12-21 12:22:55.443root 11241100x8000000000000000658995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858b237d8df8a9292021-12-21 12:22:55.444root 11241100x8000000000000000658996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0228d3520585d52021-12-21 12:22:55.444root 11241100x8000000000000000658997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1ac40edd6f4c682021-12-21 12:22:55.444root 11241100x8000000000000000658998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07177dd1aa24de972021-12-21 12:22:55.444root 11241100x8000000000000000658999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faadfbbf88536f722021-12-21 12:22:55.444root 11241100x8000000000000000659000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030cf606a16382112021-12-21 12:22:55.444root 11241100x8000000000000000659001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3706a586ccf900072021-12-21 12:22:55.444root 11241100x8000000000000000659002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41191ca3c9a173a02021-12-21 12:22:55.444root 11241100x8000000000000000659003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064f88f680ba9eff2021-12-21 12:22:55.445root 11241100x8000000000000000659004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133a54ea03f4ce8c2021-12-21 12:22:55.445root 11241100x8000000000000000659005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3732881c223e16a32021-12-21 12:22:55.445root 11241100x8000000000000000659006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5456ad63fa9b64a02021-12-21 12:22:55.445root 11241100x8000000000000000659007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb166e585249e592021-12-21 12:22:55.445root 11241100x8000000000000000659008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9bc659964220792021-12-21 12:22:55.445root 11241100x8000000000000000659009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0bdce7db3c1b682021-12-21 12:22:55.445root 11241100x8000000000000000659010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef552d7e32269d5a2021-12-21 12:22:55.445root 11241100x8000000000000000659011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f563f5b9f268a92021-12-21 12:22:55.446root 11241100x8000000000000000659012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e800808f82815e2021-12-21 12:22:55.446root 11241100x8000000000000000659013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cb8afa08d746332021-12-21 12:22:55.446root 11241100x8000000000000000659014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e608e907ec362c422021-12-21 12:22:55.446root 11241100x8000000000000000659015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8c331612ebf8f02021-12-21 12:22:55.446root 11241100x8000000000000000659016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5d351204a04bc22021-12-21 12:22:55.446root 11241100x8000000000000000659017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db506f7637d60152021-12-21 12:22:55.446root 11241100x8000000000000000659018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf70960bb9f4ea62021-12-21 12:22:55.446root 11241100x8000000000000000659019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9334e78a3f862c9a2021-12-21 12:22:55.447root 11241100x8000000000000000659020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bd091058dd659f2021-12-21 12:22:55.447root 11241100x8000000000000000659021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed51ed4d2a553cf32021-12-21 12:22:55.447root 11241100x8000000000000000659022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d57e5d3cc96bed2021-12-21 12:22:55.447root 11241100x8000000000000000659023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8712b8e78a6843fd2021-12-21 12:22:55.447root 11241100x8000000000000000659024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b512b24c50152c152021-12-21 12:22:55.448root 11241100x8000000000000000659025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb20f3f91b53a272021-12-21 12:22:55.943root 11241100x8000000000000000659026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796b2633a904ff272021-12-21 12:22:55.943root 11241100x8000000000000000659027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10539a81bc984b92021-12-21 12:22:55.943root 11241100x8000000000000000659028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44897f86f0e1af22021-12-21 12:22:55.943root 11241100x8000000000000000659029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084c9d65b3587d8f2021-12-21 12:22:55.944root 11241100x8000000000000000659030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430aebce72ce11222021-12-21 12:22:55.944root 11241100x8000000000000000659031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4af6d29da6856b2021-12-21 12:22:55.944root 11241100x8000000000000000659032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301f56218535da052021-12-21 12:22:55.944root 11241100x8000000000000000659033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad772d57d95fce72021-12-21 12:22:55.944root 11241100x8000000000000000659034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacc41bab0373e302021-12-21 12:22:55.944root 11241100x8000000000000000659035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971afa87b43167f12021-12-21 12:22:55.944root 11241100x8000000000000000659036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8c9abca3017bf32021-12-21 12:22:55.944root 11241100x8000000000000000659037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541b501185d0dd9d2021-12-21 12:22:55.944root 11241100x8000000000000000659038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4aba06338214c42021-12-21 12:22:55.944root 11241100x8000000000000000659039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2f40d4f1130db92021-12-21 12:22:55.944root 11241100x8000000000000000659040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66455f20b1b20dc42021-12-21 12:22:55.944root 11241100x8000000000000000659041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3ed9c3332715ce2021-12-21 12:22:55.944root 11241100x8000000000000000659042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e07935e61ce12c2021-12-21 12:22:55.945root 11241100x8000000000000000659043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2cc9415bf046662021-12-21 12:22:55.945root 11241100x8000000000000000659044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a04b991f8c1a0b2021-12-21 12:22:55.945root 11241100x8000000000000000659045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9117145249665b2021-12-21 12:22:55.945root 11241100x8000000000000000659046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca25363b7eee90b22021-12-21 12:22:55.945root 11241100x8000000000000000659047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600c2a8e85204af62021-12-21 12:22:55.945root 11241100x8000000000000000659048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d9d1a119342e072021-12-21 12:22:55.945root 11241100x8000000000000000659049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2246651e1d99ce2021-12-21 12:22:55.945root 11241100x8000000000000000659050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea72af6ba6c608b02021-12-21 12:22:55.945root 11241100x8000000000000000659051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d58f95c62b05962021-12-21 12:22:55.945root 11241100x8000000000000000659052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3d396ff50c528c2021-12-21 12:22:55.945root 11241100x8000000000000000659053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15ddc9d4d62b8f02021-12-21 12:22:55.945root 11241100x8000000000000000659054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f687d3ab770f39b2021-12-21 12:22:55.945root 11241100x8000000000000000659055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306adec435ae88202021-12-21 12:22:56.443root 11241100x8000000000000000659056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e29ea29b81b0d82021-12-21 12:22:56.443root 11241100x8000000000000000659057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9365938ced5e552021-12-21 12:22:56.443root 11241100x8000000000000000659058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4373bc3d0bc39b2021-12-21 12:22:56.444root 11241100x8000000000000000659059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56887cb5410c9d872021-12-21 12:22:56.444root 11241100x8000000000000000659060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af312d35cbf255d2021-12-21 12:22:56.444root 11241100x8000000000000000659061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b7d3e73d55e1cb2021-12-21 12:22:56.444root 11241100x8000000000000000659062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3e3120f4257ed52021-12-21 12:22:56.444root 11241100x8000000000000000659063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb94a1f6b6c1b4c72021-12-21 12:22:56.444root 11241100x8000000000000000659064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1a5c25c30840782021-12-21 12:22:56.444root 11241100x8000000000000000659065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445c94fc7cd8157f2021-12-21 12:22:56.444root 11241100x8000000000000000659066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439bcd80f63d0fd12021-12-21 12:22:56.444root 11241100x8000000000000000659067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e28a0d68091e062021-12-21 12:22:56.444root 11241100x8000000000000000659068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13878e6e813df6ad2021-12-21 12:22:56.444root 11241100x8000000000000000659069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4608bc0066017462021-12-21 12:22:56.444root 11241100x8000000000000000659070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9d099d818e49a42021-12-21 12:22:56.444root 11241100x8000000000000000659071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03eeb839833e05a02021-12-21 12:22:56.444root 11241100x8000000000000000659072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0ee04b2dd5e8752021-12-21 12:22:56.444root 11241100x8000000000000000659073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b391a602fc190c2021-12-21 12:22:56.445root 11241100x8000000000000000659074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c749a29d32e6ba2021-12-21 12:22:56.445root 11241100x8000000000000000659075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fc13c8f73420da2021-12-21 12:22:56.445root 11241100x8000000000000000659076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20dbff103f716a592021-12-21 12:22:56.445root 11241100x8000000000000000659077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c679a8b8452e2a2021-12-21 12:22:56.445root 11241100x8000000000000000659078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067734608e0162fb2021-12-21 12:22:56.445root 11241100x8000000000000000659079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d227b14959dd2072021-12-21 12:22:56.445root 11241100x8000000000000000659080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb7142cbae011e92021-12-21 12:22:56.445root 11241100x8000000000000000659081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b83721cf6f012c2021-12-21 12:22:56.445root 11241100x8000000000000000659082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2f57aa3edfc5df2021-12-21 12:22:56.445root 11241100x8000000000000000659083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b0d3e703da9c5e2021-12-21 12:22:56.445root 11241100x8000000000000000659084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df101f2ecedda3752021-12-21 12:22:56.445root 11241100x8000000000000000659085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0269bea8b3abf39e2021-12-21 12:22:56.943root 11241100x8000000000000000659086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbc4e50b5bbcf082021-12-21 12:22:56.943root 11241100x8000000000000000659087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e776c28477b3e4112021-12-21 12:22:56.943root 11241100x8000000000000000659088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415cda36915abdf02021-12-21 12:22:56.943root 11241100x8000000000000000659089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb93591e838f57a2021-12-21 12:22:56.944root 11241100x8000000000000000659090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fe82cec66dfaad2021-12-21 12:22:56.944root 11241100x8000000000000000659091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6c22fc337409342021-12-21 12:22:56.944root 11241100x8000000000000000659092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18421e63dc01d9152021-12-21 12:22:56.944root 11241100x8000000000000000659093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbeaebef761e0f22021-12-21 12:22:56.944root 11241100x8000000000000000659094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5febf37c12c0c0762021-12-21 12:22:56.944root 11241100x8000000000000000659095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047913df3e4d017f2021-12-21 12:22:56.944root 11241100x8000000000000000659096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8588b7162e66654d2021-12-21 12:22:56.944root 11241100x8000000000000000659097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2645d4dc72fe1422021-12-21 12:22:56.944root 11241100x8000000000000000659098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eed1943b896a4d02021-12-21 12:22:56.944root 11241100x8000000000000000659099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbaf889d097f5da2021-12-21 12:22:56.944root 11241100x8000000000000000659100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ff19af3243c5aa2021-12-21 12:22:56.944root 11241100x8000000000000000659101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582794d98aa7f5362021-12-21 12:22:56.945root 11241100x8000000000000000659102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da7dcac429910392021-12-21 12:22:56.945root 11241100x8000000000000000659103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df87b72ff537d9ca2021-12-21 12:22:56.945root 11241100x8000000000000000659104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1af89ed99dea492021-12-21 12:22:56.945root 11241100x8000000000000000659105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ddadd804c5f9f82021-12-21 12:22:56.945root 11241100x8000000000000000659106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2730afc62e2236a2021-12-21 12:22:56.945root 11241100x8000000000000000659107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448ac0fb7fe476802021-12-21 12:22:56.945root 11241100x8000000000000000659108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e2e86dc96893ec2021-12-21 12:22:56.946root 11241100x8000000000000000659109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6126f289054916632021-12-21 12:22:56.946root 11241100x8000000000000000659110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3aa5dab1d3f85232021-12-21 12:22:56.946root 11241100x8000000000000000659111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebade6e62fda076c2021-12-21 12:22:56.946root 11241100x8000000000000000659112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6632a5bc8e77dc92021-12-21 12:22:56.946root 11241100x8000000000000000659113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3580bd154727d12021-12-21 12:22:56.946root 11241100x8000000000000000659114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e3521377d68f952021-12-21 12:22:56.946root 11241100x8000000000000000659115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684c84216e62cfc32021-12-21 12:22:56.947root 11241100x8000000000000000659116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4c50e0ccd35aa42021-12-21 12:22:57.443root 11241100x8000000000000000659117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b37fa7e04c646612021-12-21 12:22:57.443root 11241100x8000000000000000659118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2bd97ffa8c9d812021-12-21 12:22:57.443root 11241100x8000000000000000659119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e8b5d7a57b0e4b2021-12-21 12:22:57.443root 11241100x8000000000000000659120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd89710d390dacd32021-12-21 12:22:57.444root 11241100x8000000000000000659121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8c87cc3fc46af92021-12-21 12:22:57.444root 11241100x8000000000000000659122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901772dae6bccbc72021-12-21 12:22:57.444root 11241100x8000000000000000659123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8029c752e21eb8682021-12-21 12:22:57.444root 11241100x8000000000000000659124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e310207c525d562021-12-21 12:22:57.444root 11241100x8000000000000000659125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c779f9281b03dfee2021-12-21 12:22:57.444root 11241100x8000000000000000659126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68dbc3869cfd55c2021-12-21 12:22:57.444root 11241100x8000000000000000659127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c893b9e3d51cc6c32021-12-21 12:22:57.444root 11241100x8000000000000000659128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6462fd7d004fb3a92021-12-21 12:22:57.444root 11241100x8000000000000000659129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959507125286af2d2021-12-21 12:22:57.444root 11241100x8000000000000000659130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4c40578380d3372021-12-21 12:22:57.444root 11241100x8000000000000000659131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8720df4220929b412021-12-21 12:22:57.444root 11241100x8000000000000000659132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1471eed1cbf70fa42021-12-21 12:22:57.444root 11241100x8000000000000000659133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8d5ab846855a662021-12-21 12:22:57.444root 11241100x8000000000000000659134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee27125cef9153a92021-12-21 12:22:57.445root 11241100x8000000000000000659135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7248f9d26c7b69502021-12-21 12:22:57.445root 11241100x8000000000000000659136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ffcaa1a468070e2021-12-21 12:22:57.445root 11241100x8000000000000000659137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15a5f82eeabb06d2021-12-21 12:22:57.445root 11241100x8000000000000000659138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c7b4364ebe98af2021-12-21 12:22:57.445root 11241100x8000000000000000659139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717534457f81e4142021-12-21 12:22:57.445root 11241100x8000000000000000659140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d7166412230c642021-12-21 12:22:57.445root 11241100x8000000000000000659141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ec9a4b5e2975d72021-12-21 12:22:57.445root 11241100x8000000000000000659142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8382184332ba52492021-12-21 12:22:57.445root 11241100x8000000000000000659143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f19a712eeb8d302021-12-21 12:22:57.445root 11241100x8000000000000000659144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac87ccea7c3e5872021-12-21 12:22:57.445root 11241100x8000000000000000659145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0797e190c0a56b412021-12-21 12:22:57.445root 11241100x8000000000000000659146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c2c56b8f57bea82021-12-21 12:22:57.943root 11241100x8000000000000000659147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b999f509842b9cd2021-12-21 12:22:57.943root 11241100x8000000000000000659148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f5876a73215b382021-12-21 12:22:57.943root 11241100x8000000000000000659149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09a6d40ac5fcf2b2021-12-21 12:22:57.943root 11241100x8000000000000000659150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8249babd0d51cb2021-12-21 12:22:57.943root 11241100x8000000000000000659151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c88fd19010972f2021-12-21 12:22:57.943root 11241100x8000000000000000659152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebd52dee973e29d2021-12-21 12:22:57.944root 11241100x8000000000000000659153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286623b1438ad1422021-12-21 12:22:57.944root 11241100x8000000000000000659154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd1b43fad8c2fd92021-12-21 12:22:57.944root 11241100x8000000000000000659155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb40d14e58976872021-12-21 12:22:57.944root 11241100x8000000000000000659156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad96262f82eaec792021-12-21 12:22:57.944root 11241100x8000000000000000659157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb7d95ad087226b2021-12-21 12:22:57.944root 11241100x8000000000000000659158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b8422c123bd8f72021-12-21 12:22:57.944root 11241100x8000000000000000659159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136883bfa727055c2021-12-21 12:22:57.944root 11241100x8000000000000000659160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d479ab38d9cfabb32021-12-21 12:22:57.944root 11241100x8000000000000000659161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4532f3fe7d84b0142021-12-21 12:22:57.945root 11241100x8000000000000000659162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c75ced3055574a12021-12-21 12:22:57.945root 11241100x8000000000000000659163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ab28a4b7a37a732021-12-21 12:22:57.945root 11241100x8000000000000000659164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b0128327b0fbcf2021-12-21 12:22:57.945root 11241100x8000000000000000659165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2baeec71a017632021-12-21 12:22:57.945root 11241100x8000000000000000659166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdced42e2ddde612021-12-21 12:22:57.945root 11241100x8000000000000000659167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf8d8ec32d9ce032021-12-21 12:22:57.945root 11241100x8000000000000000659168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4a75c253923ca92021-12-21 12:22:57.945root 11241100x8000000000000000659169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8040d26b492d6c12021-12-21 12:22:57.945root 11241100x8000000000000000659170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d54bca1f59e9632021-12-21 12:22:57.945root 11241100x8000000000000000659171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86e731fab01f6922021-12-21 12:22:57.945root 11241100x8000000000000000659172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbaabfa89169f46c2021-12-21 12:22:57.945root 11241100x8000000000000000659173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5912b7475642a7e52021-12-21 12:22:57.946root 11241100x8000000000000000659174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb888b1f93090bc2021-12-21 12:22:57.946root 11241100x8000000000000000659175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbe0dde90d917922021-12-21 12:22:57.946root 11241100x8000000000000000659176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407c697624e03f0a2021-12-21 12:22:57.946root 11241100x8000000000000000659177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28a4e5867c9eef12021-12-21 12:22:57.946root 11241100x8000000000000000659178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae56d7cd3a6966b2021-12-21 12:22:57.946root 11241100x8000000000000000659179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4604d6d4ccb1ee952021-12-21 12:22:57.946root 354300x8000000000000000659180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.101{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49906-false10.0.1.12-8000- 11241100x8000000000000000659181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea2544060f5f8612021-12-21 12:22:58.443root 11241100x8000000000000000659182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5610fabfb235a6152021-12-21 12:22:58.443root 11241100x8000000000000000659183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647e9cb689a30b3e2021-12-21 12:22:58.443root 11241100x8000000000000000659184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a39881c3c61e792021-12-21 12:22:58.443root 11241100x8000000000000000659185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1e25f9fbb7d5c02021-12-21 12:22:58.444root 11241100x8000000000000000659186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6a699688bce2042021-12-21 12:22:58.444root 11241100x8000000000000000659187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d71a97e21a75cf2021-12-21 12:22:58.444root 11241100x8000000000000000659188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150d38ccc79e71d12021-12-21 12:22:58.444root 11241100x8000000000000000659189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04611f60dbee98132021-12-21 12:22:58.444root 11241100x8000000000000000659190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88623e4301ea36502021-12-21 12:22:58.444root 11241100x8000000000000000659191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdee965063cecb632021-12-21 12:22:58.444root 11241100x8000000000000000659192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21df10c73e2833ce2021-12-21 12:22:58.444root 11241100x8000000000000000659193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541bf51c01eef7cd2021-12-21 12:22:58.444root 11241100x8000000000000000659194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25db9b1826d8c44e2021-12-21 12:22:58.444root 11241100x8000000000000000659195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133d54625183764d2021-12-21 12:22:58.445root 11241100x8000000000000000659196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0345a84615f78e942021-12-21 12:22:58.445root 11241100x8000000000000000659197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7155d17cb4dabf062021-12-21 12:22:58.445root 11241100x8000000000000000659198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0c59a7a43a2e242021-12-21 12:22:58.445root 11241100x8000000000000000659199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c20266a380dad2a2021-12-21 12:22:58.445root 11241100x8000000000000000659200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65905da03d64c0ec2021-12-21 12:22:58.445root 11241100x8000000000000000659201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13e36db1390bcbe2021-12-21 12:22:58.445root 11241100x8000000000000000659202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cedaed98c8ccb782021-12-21 12:22:58.446root 11241100x8000000000000000659203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440b16b307f24a322021-12-21 12:22:58.446root 11241100x8000000000000000659204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f126bb6ccf21f02021-12-21 12:22:58.446root 11241100x8000000000000000659205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27195a29aaeb8772021-12-21 12:22:58.446root 11241100x8000000000000000659206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4c9e5d60f5ae4a2021-12-21 12:22:58.446root 11241100x8000000000000000659207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19047caad63da04b2021-12-21 12:22:58.446root 11241100x8000000000000000659208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b04683472312462021-12-21 12:22:58.446root 11241100x8000000000000000659209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653856ac330704d92021-12-21 12:22:58.446root 11241100x8000000000000000659210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e64f7ca5aab8882021-12-21 12:22:58.446root 11241100x8000000000000000659211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bb833c0925d72a2021-12-21 12:22:58.446root 11241100x8000000000000000659212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d76984f9483d9162021-12-21 12:22:58.446root 11241100x8000000000000000659213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa0a134043fc8b92021-12-21 12:22:58.446root 11241100x8000000000000000659214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d562e429fc97c4832021-12-21 12:22:58.447root 11241100x8000000000000000659215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca73d17403dee8ce2021-12-21 12:22:58.447root 11241100x8000000000000000659216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be469482bafb5ae52021-12-21 12:22:58.447root 11241100x8000000000000000659217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db33c64d7df27ba2021-12-21 12:22:58.447root 11241100x8000000000000000659218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec002220e80d33f2021-12-21 12:22:58.447root 11241100x8000000000000000659219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a14649f3a4c44952021-12-21 12:22:58.447root 11241100x8000000000000000659220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1b4fa9d1a6cf8d2021-12-21 12:22:58.447root 11241100x8000000000000000659221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd132c8d02d054b2021-12-21 12:22:58.447root 11241100x8000000000000000659222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d8a6d331ac7f2e2021-12-21 12:22:58.447root 11241100x8000000000000000659223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70757f78eb35af402021-12-21 12:22:58.447root 11241100x8000000000000000659224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6feff5a020a8c6d72021-12-21 12:22:58.447root 11241100x8000000000000000659225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966e92e59ae1c2df2021-12-21 12:22:58.447root 11241100x8000000000000000659226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437d92bed99abbb02021-12-21 12:22:58.943root 11241100x8000000000000000659227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500254ae9fe37d082021-12-21 12:22:58.943root 11241100x8000000000000000659228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2e7e0260a13e372021-12-21 12:22:58.943root 11241100x8000000000000000659229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fab8c792baa39772021-12-21 12:22:58.943root 11241100x8000000000000000659230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93858833faaf30052021-12-21 12:22:58.943root 11241100x8000000000000000659231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04eded4a89c634342021-12-21 12:22:58.944root 11241100x8000000000000000659232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb473c32d5f97e262021-12-21 12:22:58.944root 11241100x8000000000000000659233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44950b3402add7f32021-12-21 12:22:58.944root 11241100x8000000000000000659234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959b8d52007a352d2021-12-21 12:22:58.944root 11241100x8000000000000000659235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429190adbb34f15e2021-12-21 12:22:58.944root 11241100x8000000000000000659236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b79bfca2db5645e2021-12-21 12:22:58.944root 11241100x8000000000000000659237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88c12ff88b618322021-12-21 12:22:58.944root 11241100x8000000000000000659238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef008667d0fefd142021-12-21 12:22:58.944root 11241100x8000000000000000659239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d475a5159223ac22021-12-21 12:22:58.944root 11241100x8000000000000000659240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab0c38053fa3c932021-12-21 12:22:58.944root 11241100x8000000000000000659241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce0ab9f547e32692021-12-21 12:22:58.944root 11241100x8000000000000000659242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b6debe0ca8bcd32021-12-21 12:22:58.944root 11241100x8000000000000000659243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff72d8c4aaf834342021-12-21 12:22:58.944root 11241100x8000000000000000659244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e44ff5fb82b38a2021-12-21 12:22:58.944root 11241100x8000000000000000659245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b64d935498d0f3c2021-12-21 12:22:58.945root 11241100x8000000000000000659246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46279760636bfba2021-12-21 12:22:58.945root 11241100x8000000000000000659247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e65f0de65f6927f2021-12-21 12:22:58.945root 11241100x8000000000000000659248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566a2488423fbf8f2021-12-21 12:22:58.945root 11241100x8000000000000000659249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50566f98daaf0072021-12-21 12:22:58.945root 11241100x8000000000000000659250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93e7126d69dde912021-12-21 12:22:58.945root 11241100x8000000000000000659251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8da5402ecd6f022021-12-21 12:22:58.945root 11241100x8000000000000000659252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82efaf4b1d15b3882021-12-21 12:22:58.945root 11241100x8000000000000000659253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047d62edfce572722021-12-21 12:22:58.945root 11241100x8000000000000000659254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0ccbac9bb9fc1c2021-12-21 12:22:58.945root 11241100x8000000000000000659255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64047742f5b65ba2021-12-21 12:22:58.945root 11241100x8000000000000000659256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d72042a45145302021-12-21 12:22:58.945root 11241100x8000000000000000659257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc3f2a283cdef1e2021-12-21 12:22:58.945root 11241100x8000000000000000659258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e6414c19a258a12021-12-21 12:22:58.945root 11241100x8000000000000000659259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2b9d061db807622021-12-21 12:22:58.945root 11241100x8000000000000000659260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a24394bf95630102021-12-21 12:22:58.945root 11241100x8000000000000000659261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c7f5d47770a7af2021-12-21 12:22:58.945root 11241100x8000000000000000659262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111e4e146a390b5f2021-12-21 12:22:58.946root 11241100x8000000000000000659263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eced169cdd4d45cf2021-12-21 12:22:59.443root 11241100x8000000000000000659264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04912444613e25472021-12-21 12:22:59.443root 11241100x8000000000000000659265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20070870b393b7502021-12-21 12:22:59.443root 11241100x8000000000000000659266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de675f7f8c421cb2021-12-21 12:22:59.443root 11241100x8000000000000000659267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c285bd2a4b223b272021-12-21 12:22:59.443root 11241100x8000000000000000659268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22f4ae7da97705e2021-12-21 12:22:59.443root 11241100x8000000000000000659269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1af498ebc12e9302021-12-21 12:22:59.443root 11241100x8000000000000000659270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e535399cd17c102021-12-21 12:22:59.444root 11241100x8000000000000000659271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0a7b82348859f62021-12-21 12:22:59.444root 11241100x8000000000000000659272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670115375bc793b32021-12-21 12:22:59.444root 11241100x8000000000000000659273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3b1e35de653e0d2021-12-21 12:22:59.444root 11241100x8000000000000000659274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e1da0449d7a20d2021-12-21 12:22:59.444root 11241100x8000000000000000659275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801679f37cb0bee52021-12-21 12:22:59.444root 11241100x8000000000000000659276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad7d011860c16cb2021-12-21 12:22:59.444root 11241100x8000000000000000659277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdaf4b73d8b6d9ae2021-12-21 12:22:59.444root 11241100x8000000000000000659278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003ba1cd98b2fa382021-12-21 12:22:59.444root 11241100x8000000000000000659279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bea3f7c591bb312021-12-21 12:22:59.444root 11241100x8000000000000000659280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc782ba8434714932021-12-21 12:22:59.444root 11241100x8000000000000000659281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2b2dcb0a12d3cf2021-12-21 12:22:59.444root 11241100x8000000000000000659282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd15f44a83d46d632021-12-21 12:22:59.444root 11241100x8000000000000000659283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d5c04d2ffb5b6e2021-12-21 12:22:59.444root 11241100x8000000000000000659284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce489f618a922162021-12-21 12:22:59.444root 11241100x8000000000000000659285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5fbfd68f6c53272021-12-21 12:22:59.444root 11241100x8000000000000000659286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d355b8b20f031fbe2021-12-21 12:22:59.445root 11241100x8000000000000000659287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909c157957b011d92021-12-21 12:22:59.445root 11241100x8000000000000000659288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c2583ffc158b0c2021-12-21 12:22:59.445root 11241100x8000000000000000659289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfc6edacde67c2f2021-12-21 12:22:59.445root 11241100x8000000000000000659290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd6d7035ebd17622021-12-21 12:22:59.445root 11241100x8000000000000000659291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6ad3271d293a652021-12-21 12:22:59.445root 11241100x8000000000000000659292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67a7d350eaf1f102021-12-21 12:22:59.445root 11241100x8000000000000000659293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eaa7ae0e9414522021-12-21 12:22:59.445root 11241100x8000000000000000659294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bfb40ed9b308a22021-12-21 12:22:59.446root 11241100x8000000000000000659295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13527064992233642021-12-21 12:22:59.446root 11241100x8000000000000000659296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2580e92feb57f74d2021-12-21 12:22:59.446root 11241100x8000000000000000659297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5eb1b43f4f71852021-12-21 12:22:59.446root 11241100x8000000000000000659298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8930210fb1f1cd8a2021-12-21 12:22:59.447root 11241100x8000000000000000659299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58c71ccf2899e182021-12-21 12:22:59.447root 11241100x8000000000000000659300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e738618ae78eaf92021-12-21 12:22:59.447root 11241100x8000000000000000659301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06748337a998d4a92021-12-21 12:22:59.447root 11241100x8000000000000000659302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e4ed9274e95e522021-12-21 12:22:59.447root 11241100x8000000000000000659303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f20a0c0585a29b12021-12-21 12:22:59.447root 11241100x8000000000000000659304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b77d52e1b11e642021-12-21 12:22:59.448root 11241100x8000000000000000659305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202848469b09f1e92021-12-21 12:22:59.448root 11241100x8000000000000000659306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b166d015aac2b72021-12-21 12:22:59.448root 11241100x8000000000000000659307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35c2b88d20837512021-12-21 12:22:59.448root 11241100x8000000000000000659308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7916cc076d9a74782021-12-21 12:22:59.448root 11241100x8000000000000000659309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f589881007ebcefa2021-12-21 12:22:59.943root 11241100x8000000000000000659310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab072db505d92b642021-12-21 12:22:59.943root 11241100x8000000000000000659311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d521e70590ce062021-12-21 12:22:59.944root 11241100x8000000000000000659312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fae43f2f957e022021-12-21 12:22:59.944root 11241100x8000000000000000659313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d867db5b446f03af2021-12-21 12:22:59.944root 11241100x8000000000000000659314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5ec03a18521fcb2021-12-21 12:22:59.944root 11241100x8000000000000000659315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ee218963911cd82021-12-21 12:22:59.944root 11241100x8000000000000000659316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ec39947064e91f2021-12-21 12:22:59.944root 11241100x8000000000000000659317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a85c2d8ac4059d42021-12-21 12:22:59.944root 11241100x8000000000000000659318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f3492e355d5fa82021-12-21 12:22:59.944root 11241100x8000000000000000659319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c876914e4ff6df2021-12-21 12:22:59.945root 11241100x8000000000000000659320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc50ec044d6afbca2021-12-21 12:22:59.945root 11241100x8000000000000000659321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfaa4cb191b8d7d82021-12-21 12:22:59.945root 11241100x8000000000000000659322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c0578af589ac3c2021-12-21 12:22:59.945root 11241100x8000000000000000659323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d858342b4dcdb72021-12-21 12:22:59.945root 11241100x8000000000000000659324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fd041dbc10f7b52021-12-21 12:22:59.945root 11241100x8000000000000000659325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5ee3dee5cb13792021-12-21 12:22:59.946root 11241100x8000000000000000659326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56508b34e9f3ecf2021-12-21 12:22:59.946root 11241100x8000000000000000659327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c800da39341c43f62021-12-21 12:22:59.946root 11241100x8000000000000000659328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eab41cbb28e9ec22021-12-21 12:22:59.946root 11241100x8000000000000000659329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04828234f4a2c8102021-12-21 12:22:59.946root 11241100x8000000000000000659330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c65286b0433d01a2021-12-21 12:22:59.946root 11241100x8000000000000000659331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e33c4d31071ae1f2021-12-21 12:22:59.946root 11241100x8000000000000000659332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690e43c53e776b7b2021-12-21 12:22:59.947root 11241100x8000000000000000659333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18103f5ed3984fb2021-12-21 12:22:59.947root 11241100x8000000000000000659334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25362d4cbaf7fd9c2021-12-21 12:22:59.947root 11241100x8000000000000000659335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f338a8075a6f9842021-12-21 12:22:59.947root 11241100x8000000000000000659336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffed94e7de21aea2021-12-21 12:22:59.948root 11241100x8000000000000000659337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6545cc6fe8ba25b22021-12-21 12:22:59.948root 11241100x8000000000000000659338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2e9c03f96be1612021-12-21 12:22:59.948root 11241100x8000000000000000659339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6e56835cf554e02021-12-21 12:22:59.948root 11241100x8000000000000000659340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79dbdb124f5b45292021-12-21 12:22:59.948root 11241100x8000000000000000659341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3e47647ace8f9c2021-12-21 12:22:59.949root 11241100x8000000000000000659342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1943affe2569442021-12-21 12:22:59.949root 11241100x8000000000000000659343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:22:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bad1934399d6082021-12-21 12:22:59.949root 11241100x8000000000000000659344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428d08da8e30d7ab2021-12-21 12:23:00.443root 11241100x8000000000000000659345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4da171d492df9f2021-12-21 12:23:00.443root 11241100x8000000000000000659346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34770c064fe275f92021-12-21 12:23:00.443root 11241100x8000000000000000659347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8247abddd53e5d2021-12-21 12:23:00.443root 11241100x8000000000000000659348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8864ccb981b8e60f2021-12-21 12:23:00.444root 11241100x8000000000000000659349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6016f2fa37a914f12021-12-21 12:23:00.444root 11241100x8000000000000000659350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba49d40fc37d98a42021-12-21 12:23:00.444root 11241100x8000000000000000659351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26e5b6585a57b182021-12-21 12:23:00.444root 11241100x8000000000000000659352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afa558dcad88f312021-12-21 12:23:00.444root 11241100x8000000000000000659353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd38ebc5cdbb5b22021-12-21 12:23:00.444root 11241100x8000000000000000659354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f201ee2126b0006e2021-12-21 12:23:00.444root 11241100x8000000000000000659355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11cb5303ddcbe6f2021-12-21 12:23:00.444root 11241100x8000000000000000659356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd88f06ab3bfc072021-12-21 12:23:00.444root 11241100x8000000000000000659357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699387ce913fb79d2021-12-21 12:23:00.444root 11241100x8000000000000000659358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f76e0136d017f472021-12-21 12:23:00.444root 11241100x8000000000000000659359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d089aa1488943012021-12-21 12:23:00.444root 11241100x8000000000000000659360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39d5d48200d23422021-12-21 12:23:00.444root 11241100x8000000000000000659361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb5558bc10e42c12021-12-21 12:23:00.444root 11241100x8000000000000000659362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c66f2ec2b0406c2021-12-21 12:23:00.445root 11241100x8000000000000000659363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d903a49de3e92d82021-12-21 12:23:00.445root 11241100x8000000000000000659364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc0e2929ceb573e2021-12-21 12:23:00.445root 11241100x8000000000000000659365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0294bc461e436d1f2021-12-21 12:23:00.445root 11241100x8000000000000000659366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bbf3bfbaea49732021-12-21 12:23:00.445root 11241100x8000000000000000659367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233b97079fda42dd2021-12-21 12:23:00.445root 11241100x8000000000000000659368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c191901e20fc23ad2021-12-21 12:23:00.445root 11241100x8000000000000000659369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118e06159c05e4952021-12-21 12:23:00.445root 11241100x8000000000000000659370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c7691678a310302021-12-21 12:23:00.445root 11241100x8000000000000000659371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8f735a01211dea2021-12-21 12:23:00.445root 11241100x8000000000000000659372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3494734b8a505d2021-12-21 12:23:00.445root 11241100x8000000000000000659373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce4fe3bc50cd3cf2021-12-21 12:23:00.445root 11241100x8000000000000000659374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab1bab74e9285ac2021-12-21 12:23:00.445root 11241100x8000000000000000659375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4815e0703614a7142021-12-21 12:23:00.943root 11241100x8000000000000000659376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205c77a0df6523e02021-12-21 12:23:00.943root 11241100x8000000000000000659377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd45e93e7cef12b2021-12-21 12:23:00.943root 11241100x8000000000000000659378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18ad7e186e5660a2021-12-21 12:23:00.943root 11241100x8000000000000000659379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9039ff86df5178712021-12-21 12:23:00.944root 11241100x8000000000000000659380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2425add01a3e13fb2021-12-21 12:23:00.944root 11241100x8000000000000000659381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af428a7e95d61522021-12-21 12:23:00.944root 11241100x8000000000000000659382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c61a35fd23b33002021-12-21 12:23:00.944root 11241100x8000000000000000659383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de94fbfb8fbf3f4e2021-12-21 12:23:00.944root 11241100x8000000000000000659384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0756a6a8127fd52021-12-21 12:23:00.944root 11241100x8000000000000000659385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435d61f576e852f42021-12-21 12:23:00.944root 11241100x8000000000000000659386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5821c4b53918c512021-12-21 12:23:00.944root 11241100x8000000000000000659387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bb5f83381e995b2021-12-21 12:23:00.944root 11241100x8000000000000000659388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7779b0b8104e2152021-12-21 12:23:00.944root 11241100x8000000000000000659389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4000bdf631eefa5b2021-12-21 12:23:00.944root 11241100x8000000000000000659390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a26ce696b1e3392021-12-21 12:23:00.944root 11241100x8000000000000000659391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910e0fb521d8f6452021-12-21 12:23:00.944root 11241100x8000000000000000659392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229536eef3cea4202021-12-21 12:23:00.944root 11241100x8000000000000000659393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8dda0333818c152021-12-21 12:23:00.944root 11241100x8000000000000000659394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd98af89d8138a052021-12-21 12:23:00.945root 11241100x8000000000000000659395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f0f3e870742b6e2021-12-21 12:23:00.945root 11241100x8000000000000000659396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beebb9f089f72d822021-12-21 12:23:00.945root 11241100x8000000000000000659397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3bd82ccb44dc512021-12-21 12:23:00.945root 11241100x8000000000000000659398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588c7451616ab8012021-12-21 12:23:00.945root 11241100x8000000000000000659399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98096bb25b286f952021-12-21 12:23:00.945root 11241100x8000000000000000659400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f21b25c0e221722021-12-21 12:23:00.945root 11241100x8000000000000000659401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136e5e119a72c5542021-12-21 12:23:00.945root 11241100x8000000000000000659402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f662a1d84586c4c12021-12-21 12:23:00.945root 11241100x8000000000000000659403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec051173f27311922021-12-21 12:23:00.945root 11241100x8000000000000000659404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8349c8d26273712021-12-21 12:23:00.945root 11241100x8000000000000000659405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e113ed9d7524202021-12-21 12:23:00.945root 11241100x8000000000000000659406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499c886c553f9c2e2021-12-21 12:23:01.443root 11241100x8000000000000000659407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b43434042472d202021-12-21 12:23:01.443root 11241100x8000000000000000659408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce32c120225ab73d2021-12-21 12:23:01.443root 11241100x8000000000000000659409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061a8bd54a4a2f1c2021-12-21 12:23:01.443root 11241100x8000000000000000659410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6efd321ab8eccf2021-12-21 12:23:01.443root 11241100x8000000000000000659411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71eeb13ab35b91a2021-12-21 12:23:01.443root 11241100x8000000000000000659412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570a3fdd735bc1702021-12-21 12:23:01.443root 11241100x8000000000000000659413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35941d73486421f02021-12-21 12:23:01.443root 11241100x8000000000000000659414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b760283577e54302021-12-21 12:23:01.443root 11241100x8000000000000000659415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89afb72ef9f5f1aa2021-12-21 12:23:01.444root 11241100x8000000000000000659416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90609d2f5a4ab102021-12-21 12:23:01.444root 11241100x8000000000000000659417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c226310b55accb672021-12-21 12:23:01.444root 11241100x8000000000000000659418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6247c1e7dae0ba62021-12-21 12:23:01.444root 11241100x8000000000000000659419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b018559937cfd632021-12-21 12:23:01.444root 11241100x8000000000000000659420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebffce5b4db1818d2021-12-21 12:23:01.444root 11241100x8000000000000000659421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f3940f9507af282021-12-21 12:23:01.444root 11241100x8000000000000000659422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7e10e75e0169132021-12-21 12:23:01.444root 11241100x8000000000000000659423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9638881fc09e54702021-12-21 12:23:01.444root 11241100x8000000000000000659424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3cd891895612532021-12-21 12:23:01.444root 11241100x8000000000000000659425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829ecf14e7ac4bdb2021-12-21 12:23:01.444root 11241100x8000000000000000659426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1b65df12b3e3ce2021-12-21 12:23:01.444root 11241100x8000000000000000659427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e331467ec21285e82021-12-21 12:23:01.444root 11241100x8000000000000000659428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f53ef306a2bdc02021-12-21 12:23:01.444root 11241100x8000000000000000659429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21463cfa9d74e8b22021-12-21 12:23:01.444root 11241100x8000000000000000659430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a155cda158d691e2021-12-21 12:23:01.445root 11241100x8000000000000000659431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc95bb203d6e02182021-12-21 12:23:01.445root 11241100x8000000000000000659432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033bedba1f940be32021-12-21 12:23:01.445root 11241100x8000000000000000659433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ca6c6b7606c8c62021-12-21 12:23:01.445root 11241100x8000000000000000659434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a53ccb09c3092c2021-12-21 12:23:01.445root 11241100x8000000000000000659435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c0e19a2c4f99812021-12-21 12:23:01.445root 11241100x8000000000000000659436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b675b8e232047af2021-12-21 12:23:01.445root 11241100x8000000000000000659437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0915573f91bc7f2021-12-21 12:23:01.445root 11241100x8000000000000000659438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aebb49005fae2b02021-12-21 12:23:01.446root 11241100x8000000000000000659439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3027bdf459bf7c2021-12-21 12:23:01.446root 11241100x8000000000000000659440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433e40a1ff65a8e02021-12-21 12:23:01.446root 11241100x8000000000000000659441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a242b813f2d6362021-12-21 12:23:01.446root 11241100x8000000000000000659442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b486df5da393003f2021-12-21 12:23:01.446root 11241100x8000000000000000659443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965cfa0fea2be6642021-12-21 12:23:01.446root 11241100x8000000000000000659444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088e60ddbfc101f92021-12-21 12:23:01.446root 11241100x8000000000000000659445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ea6dd02bd33fcc2021-12-21 12:23:01.446root 11241100x8000000000000000659446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca209195513cdda2021-12-21 12:23:01.446root 11241100x8000000000000000659447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094f0bf9996d0c6e2021-12-21 12:23:01.446root 11241100x8000000000000000659448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee61f07d276c7d42021-12-21 12:23:01.446root 11241100x8000000000000000659449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961a0973e45f5dd32021-12-21 12:23:01.447root 11241100x8000000000000000659450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fbea6668e39f9a2021-12-21 12:23:01.447root 11241100x8000000000000000659451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29f31d84682693b2021-12-21 12:23:01.447root 11241100x8000000000000000659452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2e8996ab97f18e2021-12-21 12:23:01.943root 11241100x8000000000000000659453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1155e644defbfce92021-12-21 12:23:01.943root 11241100x8000000000000000659454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8f67a9fc3e500c2021-12-21 12:23:01.943root 11241100x8000000000000000659455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be420aa528275fa12021-12-21 12:23:01.943root 11241100x8000000000000000659456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7949f10f541fcde2021-12-21 12:23:01.944root 11241100x8000000000000000659457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e093bda381a1e002021-12-21 12:23:01.944root 11241100x8000000000000000659458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921095935df58e0c2021-12-21 12:23:01.944root 11241100x8000000000000000659459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e566b3009c51b0f02021-12-21 12:23:01.944root 11241100x8000000000000000659460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8216bc1e8745748b2021-12-21 12:23:01.944root 11241100x8000000000000000659461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128b778d237b23952021-12-21 12:23:01.944root 11241100x8000000000000000659462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5430432b4ce6ed2021-12-21 12:23:01.944root 11241100x8000000000000000659463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89663cd6c687fdca2021-12-21 12:23:01.944root 11241100x8000000000000000659464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3a415c09438e0d2021-12-21 12:23:01.944root 11241100x8000000000000000659465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767b77cfad50218c2021-12-21 12:23:01.944root 11241100x8000000000000000659466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8112c836cd60aa442021-12-21 12:23:01.944root 11241100x8000000000000000659467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bfc6753e517a242021-12-21 12:23:01.945root 11241100x8000000000000000659468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab73ce574c4597202021-12-21 12:23:01.945root 11241100x8000000000000000659469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bb3484c72e5e402021-12-21 12:23:01.945root 11241100x8000000000000000659470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a362146bf542b62021-12-21 12:23:01.945root 11241100x8000000000000000659471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e52be8821aa6042021-12-21 12:23:01.945root 11241100x8000000000000000659472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899b6a83442fe64e2021-12-21 12:23:01.945root 11241100x8000000000000000659473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b74777bacba9c4b2021-12-21 12:23:01.945root 11241100x8000000000000000659474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b436170aaada0e8c2021-12-21 12:23:01.945root 11241100x8000000000000000659475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19bd9661bee9ff82021-12-21 12:23:01.946root 11241100x8000000000000000659476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fe5d010562fc052021-12-21 12:23:01.946root 11241100x8000000000000000659477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf5f2c99ad6b4bc2021-12-21 12:23:01.946root 11241100x8000000000000000659478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4d61e4ed9b6b722021-12-21 12:23:01.946root 11241100x8000000000000000659479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3f59f7f97e95b62021-12-21 12:23:01.946root 11241100x8000000000000000659480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243c90456737ec8e2021-12-21 12:23:01.946root 11241100x8000000000000000659481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01cfb178a06c4792021-12-21 12:23:01.946root 11241100x8000000000000000659482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8659429c5d78f1fd2021-12-21 12:23:01.946root 11241100x8000000000000000659483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8c2a48e834d8c22021-12-21 12:23:01.946root 11241100x8000000000000000659484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b65559aa9002a12021-12-21 12:23:01.946root 11241100x8000000000000000659485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858564fed762b5182021-12-21 12:23:01.946root 11241100x8000000000000000659486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b7ad128dffbd122021-12-21 12:23:01.946root 11241100x8000000000000000659487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff94475791510432021-12-21 12:23:01.947root 11241100x8000000000000000659488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57ada79f2fdaa6b2021-12-21 12:23:01.947root 11241100x8000000000000000659489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d405dde32cbf4e2021-12-21 12:23:01.947root 11241100x8000000000000000659490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470dcfa88e5ccd0f2021-12-21 12:23:01.947root 11241100x8000000000000000659491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905e1ceb2e8bbc382021-12-21 12:23:01.947root 11241100x8000000000000000659492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7140c21f74103632021-12-21 12:23:01.947root 11241100x8000000000000000659493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03646140a7c3694f2021-12-21 12:23:01.947root 11241100x8000000000000000659494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc81360d016bc5db2021-12-21 12:23:01.947root 11241100x8000000000000000659495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d688bd46babedfc22021-12-21 12:23:01.947root 11241100x8000000000000000659496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4ba50cca3c8a2e2021-12-21 12:23:01.947root 11241100x8000000000000000659497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5d01ae93adaa0e2021-12-21 12:23:01.947root 11241100x8000000000000000659498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba604bb20f053622021-12-21 12:23:01.948root 11241100x8000000000000000659499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dbfe833441d8f12021-12-21 12:23:01.948root 11241100x8000000000000000659500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8042f435aa277242021-12-21 12:23:01.948root 11241100x8000000000000000659501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e280263a7bf0efab2021-12-21 12:23:01.948root 11241100x8000000000000000659502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414d1af8e7e7d6ea2021-12-21 12:23:01.948root 11241100x8000000000000000659503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1518e97791c142072021-12-21 12:23:01.948root 11241100x8000000000000000659504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc4d0477a45120c2021-12-21 12:23:01.948root 11241100x8000000000000000659505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87eaf74408b6a4c92021-12-21 12:23:01.948root 11241100x8000000000000000659506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ad7c34b6c4b0bf2021-12-21 12:23:01.948root 11241100x8000000000000000659507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59d91e744e070822021-12-21 12:23:01.948root 11241100x8000000000000000659508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532f7eea05d982752021-12-21 12:23:01.948root 11241100x8000000000000000659509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cadee1c56c8d6a92021-12-21 12:23:01.949root 11241100x8000000000000000659510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882869dd2b6879172021-12-21 12:23:01.949root 11241100x8000000000000000659511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e3ce29e252326d2021-12-21 12:23:01.949root 11241100x8000000000000000659512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2505af34ea8f0ad22021-12-21 12:23:01.949root 11241100x8000000000000000659513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06131e1cefe777aa2021-12-21 12:23:01.949root 11241100x8000000000000000659514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5595ff8f562cca2021-12-21 12:23:01.949root 11241100x8000000000000000659515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ca05eaa53548b32021-12-21 12:23:01.949root 11241100x8000000000000000659516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079d879c9cc4d1682021-12-21 12:23:01.949root 11241100x8000000000000000659517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82db49d50767831a2021-12-21 12:23:01.949root 11241100x8000000000000000659518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a5949f06abdf732021-12-21 12:23:01.949root 11241100x8000000000000000659519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decb48002d9395332021-12-21 12:23:01.949root 11241100x8000000000000000659520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c18211bd16a3dba2021-12-21 12:23:01.949root 11241100x8000000000000000659521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f42ccc5ddbb22952021-12-21 12:23:02.443root 11241100x8000000000000000659522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9003605e1bb6a9592021-12-21 12:23:02.443root 11241100x8000000000000000659523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e964defd1a59d8bf2021-12-21 12:23:02.443root 11241100x8000000000000000659524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d090fd83f7607b202021-12-21 12:23:02.443root 11241100x8000000000000000659525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d492a684321aa972021-12-21 12:23:02.443root 11241100x8000000000000000659526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa2d71f9a5b9a9e2021-12-21 12:23:02.443root 11241100x8000000000000000659527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d26fa09e62cc2762021-12-21 12:23:02.443root 11241100x8000000000000000659528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f253c693a30dfb82021-12-21 12:23:02.444root 11241100x8000000000000000659529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a586d74c28a527c2021-12-21 12:23:02.444root 11241100x8000000000000000659530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a3188834bfd53f2021-12-21 12:23:02.444root 11241100x8000000000000000659531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e29579fb6604b72021-12-21 12:23:02.444root 11241100x8000000000000000659532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19efadb76cd0f8d2021-12-21 12:23:02.444root 11241100x8000000000000000659533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5883ba1a5adf3fbc2021-12-21 12:23:02.444root 11241100x8000000000000000659534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d707477b5ea57c2021-12-21 12:23:02.444root 11241100x8000000000000000659535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac24db42548ca982021-12-21 12:23:02.444root 11241100x8000000000000000659536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8deab2d8f4ae4f92021-12-21 12:23:02.444root 11241100x8000000000000000659537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d1bc43c0efd8f02021-12-21 12:23:02.444root 11241100x8000000000000000659538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd2c6b9c7f8b9842021-12-21 12:23:02.444root 11241100x8000000000000000659539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11b35e5a3dc55462021-12-21 12:23:02.444root 11241100x8000000000000000659540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a731cc370cb9065f2021-12-21 12:23:02.444root 11241100x8000000000000000659541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cc4b422fa3c9f82021-12-21 12:23:02.445root 11241100x8000000000000000659542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b644585a596dc362021-12-21 12:23:02.445root 11241100x8000000000000000659543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2352c4d89c9cbaa42021-12-21 12:23:02.445root 11241100x8000000000000000659544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2359fa15cc1856e32021-12-21 12:23:02.445root 11241100x8000000000000000659545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac0084d33a838082021-12-21 12:23:02.445root 11241100x8000000000000000659546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69357b0e668962bc2021-12-21 12:23:02.445root 11241100x8000000000000000659547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f68ed0ad9b3f4d2021-12-21 12:23:02.445root 11241100x8000000000000000659548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53f6fe45848e6ca2021-12-21 12:23:02.445root 11241100x8000000000000000659549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df1d4d971794e992021-12-21 12:23:02.445root 11241100x8000000000000000659550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075528791174048b2021-12-21 12:23:02.445root 11241100x8000000000000000659551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7856fbf341405c652021-12-21 12:23:02.445root 11241100x8000000000000000659552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4bb422c3a3b13c2021-12-21 12:23:02.445root 11241100x8000000000000000659553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1225b8c9bae7402021-12-21 12:23:02.445root 11241100x8000000000000000659554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402b7a82e4c4e9172021-12-21 12:23:02.445root 11241100x8000000000000000659555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404bcb45c5c52b652021-12-21 12:23:02.445root 11241100x8000000000000000659556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8ad28c9ab0786e2021-12-21 12:23:02.445root 11241100x8000000000000000659557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da04a190538b18bc2021-12-21 12:23:02.446root 11241100x8000000000000000659558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233c94fda3ff8abc2021-12-21 12:23:02.446root 11241100x8000000000000000659559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06296977046f8592021-12-21 12:23:02.446root 11241100x8000000000000000659560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ca471bdc2e0a1f2021-12-21 12:23:02.446root 11241100x8000000000000000659561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09041616661d6e22021-12-21 12:23:02.446root 11241100x8000000000000000659562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5071b8c41d26df4c2021-12-21 12:23:02.446root 11241100x8000000000000000659563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea5f08775d0ac892021-12-21 12:23:02.446root 11241100x8000000000000000659564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebb3092af52ac4b2021-12-21 12:23:02.446root 11241100x8000000000000000659565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3836131950569452021-12-21 12:23:02.446root 11241100x8000000000000000659566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaf18eb1f6548332021-12-21 12:23:02.446root 11241100x8000000000000000659567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104809ebb9da37472021-12-21 12:23:02.446root 11241100x8000000000000000659568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348e9332b0a22a162021-12-21 12:23:02.446root 11241100x8000000000000000659569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b490514267f1c6e2021-12-21 12:23:02.446root 11241100x8000000000000000659570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50184e00ced80df12021-12-21 12:23:02.447root 11241100x8000000000000000659571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d3288641b2944e2021-12-21 12:23:02.447root 11241100x8000000000000000659572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b62f1d6927b54842021-12-21 12:23:02.447root 11241100x8000000000000000659573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0099b332aae85812021-12-21 12:23:02.447root 11241100x8000000000000000659574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b38a46c77a56f1d2021-12-21 12:23:02.447root 11241100x8000000000000000659575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e39aa39040eb6332021-12-21 12:23:02.447root 11241100x8000000000000000659576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd788b81f859a1e2021-12-21 12:23:02.447root 11241100x8000000000000000659577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100e73c420c357da2021-12-21 12:23:02.447root 11241100x8000000000000000659578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1439130824f0cf3e2021-12-21 12:23:02.447root 11241100x8000000000000000659579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a65e08aaf218c12021-12-21 12:23:02.447root 11241100x8000000000000000659580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a860fc9e06832c3b2021-12-21 12:23:02.447root 11241100x8000000000000000659581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d2131546b0e95b2021-12-21 12:23:02.447root 11241100x8000000000000000659582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aba51bb2bf605c62021-12-21 12:23:02.448root 11241100x8000000000000000659583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19222990897b1c22021-12-21 12:23:02.448root 11241100x8000000000000000659584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0bc6f0b97d9c9f2021-12-21 12:23:02.448root 11241100x8000000000000000659585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3e2705a386765e2021-12-21 12:23:02.448root 11241100x8000000000000000659586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b958af168f7a6b2021-12-21 12:23:02.448root 11241100x8000000000000000659587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e20adba05bf69b52021-12-21 12:23:02.448root 11241100x8000000000000000659588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182d99c26725bdaa2021-12-21 12:23:02.448root 11241100x8000000000000000659589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e3b80f41f592bd2021-12-21 12:23:02.448root 11241100x8000000000000000659590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c809bef285d2dfe2021-12-21 12:23:02.448root 11241100x8000000000000000659591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f06106329db98052021-12-21 12:23:02.448root 11241100x8000000000000000659592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f9a667999db7e22021-12-21 12:23:02.943root 11241100x8000000000000000659593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4786926c4d8e322021-12-21 12:23:02.943root 11241100x8000000000000000659594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bf5a27d2eb09e82021-12-21 12:23:02.943root 11241100x8000000000000000659595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ed08f6c5e57a492021-12-21 12:23:02.943root 11241100x8000000000000000659596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7a38530acf42292021-12-21 12:23:02.944root 11241100x8000000000000000659597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b37827ddd8e96c2021-12-21 12:23:02.944root 11241100x8000000000000000659598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf5c2213bc40eea2021-12-21 12:23:02.944root 11241100x8000000000000000659599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c531c3e7b9b9e42021-12-21 12:23:02.944root 11241100x8000000000000000659600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183bfbceb48921682021-12-21 12:23:02.944root 11241100x8000000000000000659601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012af83562987a6f2021-12-21 12:23:02.944root 11241100x8000000000000000659602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13eedf4e4c07ab7d2021-12-21 12:23:02.944root 11241100x8000000000000000659603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b58d3b1997fc0d72021-12-21 12:23:02.944root 11241100x8000000000000000659604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb690b66d32131fc2021-12-21 12:23:02.945root 11241100x8000000000000000659605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3defd89412d296a62021-12-21 12:23:02.945root 11241100x8000000000000000659606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4d6264a4eab1872021-12-21 12:23:02.945root 11241100x8000000000000000659607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6987ee9289ef61812021-12-21 12:23:02.945root 11241100x8000000000000000659608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a258ca096a50fd2021-12-21 12:23:02.945root 11241100x8000000000000000659609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3c5950cc4ae65e2021-12-21 12:23:02.945root 11241100x8000000000000000659610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e859329687e0ce2021-12-21 12:23:02.945root 11241100x8000000000000000659611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04743d490231db282021-12-21 12:23:02.945root 11241100x8000000000000000659612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2565ab4aef05422021-12-21 12:23:02.945root 11241100x8000000000000000659613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f37de8950805202021-12-21 12:23:02.946root 11241100x8000000000000000659614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5733714f8a480212021-12-21 12:23:02.946root 11241100x8000000000000000659615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90799ebd76653082021-12-21 12:23:02.946root 11241100x8000000000000000659616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79ada1e2415aba02021-12-21 12:23:02.946root 11241100x8000000000000000659617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df05495dee805682021-12-21 12:23:02.946root 11241100x8000000000000000659618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331756b465a3445c2021-12-21 12:23:02.946root 11241100x8000000000000000659619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4423cc26699cd92b2021-12-21 12:23:02.946root 11241100x8000000000000000659620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6347d4e37ab9d92021-12-21 12:23:02.946root 11241100x8000000000000000659621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f996df027c3fbc1f2021-12-21 12:23:02.946root 11241100x8000000000000000659622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daeb51a44d7990ee2021-12-21 12:23:02.947root 11241100x8000000000000000659623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047157e435cd2f942021-12-21 12:23:02.947root 11241100x8000000000000000659624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f3e227093d87742021-12-21 12:23:02.947root 11241100x8000000000000000659625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c655d3cd52712d202021-12-21 12:23:02.947root 11241100x8000000000000000659626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c29aac6ee5f85d2021-12-21 12:23:02.947root 11241100x8000000000000000659627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72cd2f46e1b4e89f2021-12-21 12:23:02.947root 11241100x8000000000000000659628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a748d43ad82cacc2021-12-21 12:23:02.947root 11241100x8000000000000000659629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6504283ca37463d12021-12-21 12:23:02.947root 11241100x8000000000000000659630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daff93e6b27c67be2021-12-21 12:23:02.947root 11241100x8000000000000000659631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bda8a433f3805a02021-12-21 12:23:02.947root 11241100x8000000000000000659632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c6a8405e81b8962021-12-21 12:23:02.948root 11241100x8000000000000000659633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8abaaed82622962021-12-21 12:23:02.948root 11241100x8000000000000000659634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cdf0ce89c48e5a2021-12-21 12:23:02.948root 11241100x8000000000000000659635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb61f40e60f10682021-12-21 12:23:02.948root 11241100x8000000000000000659636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04d42f85cfa26ba2021-12-21 12:23:02.948root 11241100x8000000000000000659637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d0652107e5f8fe2021-12-21 12:23:02.948root 11241100x8000000000000000659638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c46e6425b9546b2021-12-21 12:23:02.948root 354300x8000000000000000659639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.162{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49908-false10.0.1.12-8000- 11241100x8000000000000000659640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef281896022703912021-12-21 12:23:03.443root 11241100x8000000000000000659641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e83cd45f64b52f2021-12-21 12:23:03.443root 11241100x8000000000000000659642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67e9534407d9a0b2021-12-21 12:23:03.444root 11241100x8000000000000000659643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e511c4be0c21532021-12-21 12:23:03.444root 11241100x8000000000000000659644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370efca6ceffb9a82021-12-21 12:23:03.444root 11241100x8000000000000000659645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551ecf566e3ddb272021-12-21 12:23:03.444root 11241100x8000000000000000659646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb551897989e2082021-12-21 12:23:03.444root 11241100x8000000000000000659647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66a5aa7fdc605c82021-12-21 12:23:03.444root 11241100x8000000000000000659648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4545c9ce145850d92021-12-21 12:23:03.444root 11241100x8000000000000000659649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db924b2381392cd2021-12-21 12:23:03.444root 11241100x8000000000000000659650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924d7a7e544863ab2021-12-21 12:23:03.444root 11241100x8000000000000000659651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1db8bb55b2bb132021-12-21 12:23:03.444root 11241100x8000000000000000659652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a576f50633b022572021-12-21 12:23:03.444root 11241100x8000000000000000659653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc4580a7cc6554b2021-12-21 12:23:03.444root 11241100x8000000000000000659654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d97feed79ed93cd2021-12-21 12:23:03.444root 11241100x8000000000000000659655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede14eaf9411ac7c2021-12-21 12:23:03.444root 11241100x8000000000000000659656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4056d63c325a04512021-12-21 12:23:03.444root 11241100x8000000000000000659657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6497c65b262f66292021-12-21 12:23:03.444root 11241100x8000000000000000659658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75e6c1e2ff6b35d2021-12-21 12:23:03.445root 11241100x8000000000000000659659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf88f89a31ab27b2021-12-21 12:23:03.445root 11241100x8000000000000000659660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f468755a9ddcaf102021-12-21 12:23:03.445root 11241100x8000000000000000659661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f18cc3e530b4bd2021-12-21 12:23:03.445root 11241100x8000000000000000659662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad93851715873e0b2021-12-21 12:23:03.445root 11241100x8000000000000000659663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6465abaa54c5782021-12-21 12:23:03.445root 11241100x8000000000000000659664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5af973d0ab5aeb2021-12-21 12:23:03.445root 11241100x8000000000000000659665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce79a2a48fa6b4c2021-12-21 12:23:03.445root 11241100x8000000000000000659666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b505f96d1fd9c8ba2021-12-21 12:23:03.445root 11241100x8000000000000000659667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa82a38c6c6c18b2021-12-21 12:23:03.445root 11241100x8000000000000000659668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e0bd402b072b982021-12-21 12:23:03.445root 11241100x8000000000000000659669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81848585f4a4c8302021-12-21 12:23:03.445root 11241100x8000000000000000659670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ec06855b72c6172021-12-21 12:23:03.445root 11241100x8000000000000000659671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797a574a4cf976d72021-12-21 12:23:03.445root 11241100x8000000000000000659672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f7399c86f6c5e82021-12-21 12:23:03.943root 11241100x8000000000000000659673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83f4231d5d715082021-12-21 12:23:03.943root 11241100x8000000000000000659674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129a84f1f59fd3ba2021-12-21 12:23:03.943root 11241100x8000000000000000659675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a974b67a982d99ba2021-12-21 12:23:03.943root 11241100x8000000000000000659676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881583f7d6472e7d2021-12-21 12:23:03.943root 11241100x8000000000000000659677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e8351d4d9d7aab2021-12-21 12:23:03.943root 11241100x8000000000000000659678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a58bbd0aeb64802021-12-21 12:23:03.944root 11241100x8000000000000000659679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0801249adfa2648f2021-12-21 12:23:03.944root 11241100x8000000000000000659680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7df06155cbc7e132021-12-21 12:23:03.944root 11241100x8000000000000000659681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0df9224b47b99f32021-12-21 12:23:03.944root 11241100x8000000000000000659682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eecc63dd7bd70ad2021-12-21 12:23:03.944root 11241100x8000000000000000659683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d024e2f0568733812021-12-21 12:23:03.944root 11241100x8000000000000000659684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fda0c633bca9a02021-12-21 12:23:03.944root 11241100x8000000000000000659685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2273a033eb5bbd272021-12-21 12:23:03.944root 11241100x8000000000000000659686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cceb2c260112bb842021-12-21 12:23:03.944root 11241100x8000000000000000659687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda4fd98dae8121f2021-12-21 12:23:03.944root 11241100x8000000000000000659688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695b36b2f4a0724d2021-12-21 12:23:03.944root 11241100x8000000000000000659689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ac3c4edf6b58052021-12-21 12:23:03.944root 11241100x8000000000000000659690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151d7efa59359b252021-12-21 12:23:03.945root 11241100x8000000000000000659691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb52e88793c6bcd2021-12-21 12:23:03.945root 11241100x8000000000000000659692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3dc9afc50c9fa02021-12-21 12:23:03.945root 11241100x8000000000000000659693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6da1f9409b6c442021-12-21 12:23:03.945root 11241100x8000000000000000659694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc28340b9fb16eaa2021-12-21 12:23:03.945root 11241100x8000000000000000659695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98477dc5bbd8d882021-12-21 12:23:03.945root 11241100x8000000000000000659696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f9d31e7fa40fd62021-12-21 12:23:03.946root 11241100x8000000000000000659697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b716284399c71e2021-12-21 12:23:03.946root 11241100x8000000000000000659698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44ac5e7d5623d1f2021-12-21 12:23:03.946root 11241100x8000000000000000659699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1481a30cafa4e82021-12-21 12:23:03.946root 11241100x8000000000000000659700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45faac359195d6302021-12-21 12:23:03.946root 11241100x8000000000000000659701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2bb4d05ae888272021-12-21 12:23:03.946root 11241100x8000000000000000659702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6182266ac5d936c82021-12-21 12:23:03.946root 11241100x8000000000000000659703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400e52acd57819ed2021-12-21 12:23:03.946root 11241100x8000000000000000659704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d21b4a71afb21aa2021-12-21 12:23:03.946root 11241100x8000000000000000659705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487af5c0933db24a2021-12-21 12:23:03.946root 11241100x8000000000000000659706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fb4e3a6cc2cc272021-12-21 12:23:03.946root 11241100x8000000000000000659707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874f7554f28870d72021-12-21 12:23:03.946root 11241100x8000000000000000659708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4b1ec41d9d74422021-12-21 12:23:03.946root 11241100x8000000000000000659709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498fbf352d283bcb2021-12-21 12:23:03.946root 11241100x8000000000000000659710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52eae01e297e92a52021-12-21 12:23:03.947root 11241100x8000000000000000659711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46d1365104641f12021-12-21 12:23:03.947root 11241100x8000000000000000659712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246582bdc69a320b2021-12-21 12:23:03.947root 11241100x8000000000000000659713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8140ab0219729a22021-12-21 12:23:03.947root 11241100x8000000000000000659714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d50d3db4334cffe2021-12-21 12:23:03.947root 11241100x8000000000000000659715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc79a32bbd7b4e52021-12-21 12:23:04.443root 11241100x8000000000000000659716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275fcce922bc932f2021-12-21 12:23:04.443root 11241100x8000000000000000659717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950693aa725d98782021-12-21 12:23:04.443root 11241100x8000000000000000659718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315b00c91393f5b92021-12-21 12:23:04.444root 11241100x8000000000000000659719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2cddf798be293c2021-12-21 12:23:04.444root 11241100x8000000000000000659720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fa3fc91e8a55062021-12-21 12:23:04.444root 11241100x8000000000000000659721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471582a5d2f1fb082021-12-21 12:23:04.444root 11241100x8000000000000000659722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824646dd507809532021-12-21 12:23:04.444root 11241100x8000000000000000659723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49e84e394e7727e2021-12-21 12:23:04.444root 11241100x8000000000000000659724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9b044e3df6ea3e2021-12-21 12:23:04.444root 11241100x8000000000000000659725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de81e4b4758a67062021-12-21 12:23:04.444root 11241100x8000000000000000659726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9243cc76cc844c882021-12-21 12:23:04.444root 11241100x8000000000000000659727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189b80dc59793ca32021-12-21 12:23:04.444root 11241100x8000000000000000659728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e300851f95d43a32021-12-21 12:23:04.444root 11241100x8000000000000000659729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f532e5ee555143422021-12-21 12:23:04.445root 11241100x8000000000000000659730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6860137e3f2931aa2021-12-21 12:23:04.445root 11241100x8000000000000000659731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b7f94766ef17f22021-12-21 12:23:04.445root 11241100x8000000000000000659732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209a582ec9584efc2021-12-21 12:23:04.445root 11241100x8000000000000000659733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098e149602bdb1552021-12-21 12:23:04.445root 11241100x8000000000000000659734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c17ff445e2178c02021-12-21 12:23:04.445root 11241100x8000000000000000659735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bffdafffbdf25632021-12-21 12:23:04.445root 11241100x8000000000000000659736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744e84e94a5df33a2021-12-21 12:23:04.445root 11241100x8000000000000000659737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88273b65b84fa7ec2021-12-21 12:23:04.445root 11241100x8000000000000000659738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1a915c8c448b2b2021-12-21 12:23:04.445root 11241100x8000000000000000659739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a26c27cf7f6a6352021-12-21 12:23:04.445root 11241100x8000000000000000659740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d4fbb6e75a51072021-12-21 12:23:04.445root 11241100x8000000000000000659741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d8ae104ba487ec2021-12-21 12:23:04.445root 11241100x8000000000000000659742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922e86e0c26384352021-12-21 12:23:04.445root 11241100x8000000000000000659743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e0853ba588efcc2021-12-21 12:23:04.445root 11241100x8000000000000000659744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355131186c01da582021-12-21 12:23:04.445root 11241100x8000000000000000659745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a9cf3a1a9260cf2021-12-21 12:23:04.446root 11241100x8000000000000000659746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e57dc87e63ea152021-12-21 12:23:04.446root 11241100x8000000000000000659747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951a582af888bd112021-12-21 12:23:04.446root 11241100x8000000000000000659748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928760cfb9e8dac52021-12-21 12:23:04.446root 11241100x8000000000000000659749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f0070f97e925532021-12-21 12:23:04.943root 11241100x8000000000000000659750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1801f2ad572e13682021-12-21 12:23:04.943root 11241100x8000000000000000659751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb24ecfe52b5af82021-12-21 12:23:04.943root 11241100x8000000000000000659752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599c838a59f0e76d2021-12-21 12:23:04.943root 11241100x8000000000000000659753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171223f8fe1acf022021-12-21 12:23:04.943root 11241100x8000000000000000659754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177646946eb0b3b92021-12-21 12:23:04.943root 11241100x8000000000000000659755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913eacecc7f43ff72021-12-21 12:23:04.943root 11241100x8000000000000000659756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e92d19b7f61bb22021-12-21 12:23:04.943root 11241100x8000000000000000659757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7b1098bdacd5592021-12-21 12:23:04.944root 11241100x8000000000000000659758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58e7f5f58dada4e2021-12-21 12:23:04.944root 11241100x8000000000000000659759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3413035ad72c8272021-12-21 12:23:04.944root 11241100x8000000000000000659760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af10bcf7ce45ebe2021-12-21 12:23:04.944root 11241100x8000000000000000659761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b04ead5a5427172021-12-21 12:23:04.944root 11241100x8000000000000000659762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb9e681608a5df82021-12-21 12:23:04.944root 11241100x8000000000000000659763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b95c86c6a4d0c72021-12-21 12:23:04.944root 11241100x8000000000000000659764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c5922113d53a532021-12-21 12:23:04.944root 11241100x8000000000000000659765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef196d0c5652f082021-12-21 12:23:04.944root 11241100x8000000000000000659766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dda2df35fdb941e2021-12-21 12:23:04.944root 11241100x8000000000000000659767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016230b5908f866f2021-12-21 12:23:04.944root 11241100x8000000000000000659768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65f4db71287f7ab2021-12-21 12:23:04.944root 11241100x8000000000000000659769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2ade93f8d952742021-12-21 12:23:04.944root 11241100x8000000000000000659770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06847c1854a306fd2021-12-21 12:23:04.944root 11241100x8000000000000000659771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c299d285e27b992021-12-21 12:23:04.944root 11241100x8000000000000000659772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c8e810338feab82021-12-21 12:23:04.945root 11241100x8000000000000000659773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df384546fbc011252021-12-21 12:23:04.945root 11241100x8000000000000000659774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d650519e1c08e5d02021-12-21 12:23:04.945root 11241100x8000000000000000659775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf005bf1e70f1d522021-12-21 12:23:04.945root 11241100x8000000000000000659776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0a147979083aa82021-12-21 12:23:04.945root 11241100x8000000000000000659777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015bbd7554ed9d0d2021-12-21 12:23:04.945root 11241100x8000000000000000659778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3d1c0d22771a7d2021-12-21 12:23:04.945root 11241100x8000000000000000659779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d84373366af6bfe2021-12-21 12:23:04.945root 11241100x8000000000000000659780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f92355a7b5c0e552021-12-21 12:23:04.945root 11241100x8000000000000000659781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd26aa0e26d30f82021-12-21 12:23:04.945root 11241100x8000000000000000659782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f970a1cad30de1fc2021-12-21 12:23:04.945root 11241100x8000000000000000659783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c456ef54b600352021-12-21 12:23:04.945root 11241100x8000000000000000659784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fed1afd37342d742021-12-21 12:23:04.945root 11241100x8000000000000000659785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d006865fadcf0cf2021-12-21 12:23:04.946root 11241100x8000000000000000659786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088b377fae89e7e02021-12-21 12:23:05.443root 11241100x8000000000000000659787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcf7e1d962a39be2021-12-21 12:23:05.443root 11241100x8000000000000000659788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05568640a2c05a742021-12-21 12:23:05.443root 11241100x8000000000000000659789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0467a961011092132021-12-21 12:23:05.443root 11241100x8000000000000000659790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc4a2c31cd3c7b12021-12-21 12:23:05.443root 11241100x8000000000000000659791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812c247ba168da282021-12-21 12:23:05.443root 11241100x8000000000000000659792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff4a51524f7accb2021-12-21 12:23:05.443root 11241100x8000000000000000659793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2425bae4bebf7fed2021-12-21 12:23:05.443root 11241100x8000000000000000659794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be4d5b2564cede12021-12-21 12:23:05.443root 11241100x8000000000000000659795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc62629716996042021-12-21 12:23:05.444root 11241100x8000000000000000659796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb945e3b29292902021-12-21 12:23:05.444root 11241100x8000000000000000659797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4598f737690892a82021-12-21 12:23:05.444root 11241100x8000000000000000659798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faaa7fd7319d821b2021-12-21 12:23:05.444root 11241100x8000000000000000659799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61425a7438440332021-12-21 12:23:05.444root 11241100x8000000000000000659800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3636cb8b8a6563b42021-12-21 12:23:05.444root 11241100x8000000000000000659801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9cc9535a78f5922021-12-21 12:23:05.444root 11241100x8000000000000000659802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbf487345ae37172021-12-21 12:23:05.444root 11241100x8000000000000000659803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b8d1f1b9f3b2072021-12-21 12:23:05.444root 11241100x8000000000000000659804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487cfa3c707bf32c2021-12-21 12:23:05.444root 11241100x8000000000000000659805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca992426e88404b02021-12-21 12:23:05.444root 11241100x8000000000000000659806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4ff5a5a45711642021-12-21 12:23:05.444root 11241100x8000000000000000659807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3598f8833219c0362021-12-21 12:23:05.444root 11241100x8000000000000000659808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3651bc7a5546f72021-12-21 12:23:05.445root 11241100x8000000000000000659809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3465e05af07787662021-12-21 12:23:05.445root 11241100x8000000000000000659810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dd7ae8e2cfe7a62021-12-21 12:23:05.445root 11241100x8000000000000000659811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e67ccd2b6dfd7e52021-12-21 12:23:05.445root 11241100x8000000000000000659812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ea8a96ec4b2b2c2021-12-21 12:23:05.445root 11241100x8000000000000000659813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fceb9074265ff6b52021-12-21 12:23:05.445root 11241100x8000000000000000659814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd458a25986de96a2021-12-21 12:23:05.446root 11241100x8000000000000000659815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29938608ec2941f52021-12-21 12:23:05.446root 11241100x8000000000000000659816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4657e013ae538a562021-12-21 12:23:05.446root 11241100x8000000000000000659817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c44358da72e6282021-12-21 12:23:05.446root 11241100x8000000000000000659818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c8a37ed09b87432021-12-21 12:23:05.446root 11241100x8000000000000000659819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631c50f66460e4c02021-12-21 12:23:05.446root 11241100x8000000000000000659820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1680aa55be3b372021-12-21 12:23:05.446root 11241100x8000000000000000659821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a63dfe30b2e16092021-12-21 12:23:05.446root 11241100x8000000000000000659822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e4c9a40d55ee652021-12-21 12:23:05.446root 11241100x8000000000000000659823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e364d618ae38a1ba2021-12-21 12:23:05.447root 11241100x8000000000000000659824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88427569462ab8a2021-12-21 12:23:05.447root 11241100x8000000000000000659825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4629362d7e33332021-12-21 12:23:05.447root 154100x8000000000000000659826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.898{ec2b6afe-c729-61c1-b87d-6c40c3550000}10079/usr/sbin/useradd-----useradd atomic_user1/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 11241100x8000000000000000659827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.899{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d866dbacac87fc422021-12-21 12:23:05.899root 11241100x8000000000000000659828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.899{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94df7d23cda655ed2021-12-21 12:23:05.899root 11241100x8000000000000000659829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de868454b7ad17612021-12-21 12:23:05.900root 11241100x8000000000000000659830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6caa255d8bafff62021-12-21 12:23:05.900root 11241100x8000000000000000659831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa2749cb9349dd52021-12-21 12:23:05.900root 11241100x8000000000000000659832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ce97c2df5ac5682021-12-21 12:23:05.900root 11241100x8000000000000000659833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aeb3aca6fc47fba2021-12-21 12:23:05.900root 11241100x8000000000000000659834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e95a23aacead402021-12-21 12:23:05.900root 11241100x8000000000000000659835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4e7bc44020851c2021-12-21 12:23:05.900root 11241100x8000000000000000659836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbc5a7343e64d4e2021-12-21 12:23:05.900root 11241100x8000000000000000659837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c45c7a0327b4ebc2021-12-21 12:23:05.900root 11241100x8000000000000000659838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc81b96c82779192021-12-21 12:23:05.900root 11241100x8000000000000000659839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565452c13b7605d82021-12-21 12:23:05.900root 11241100x8000000000000000659840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f40b91231cbfcf62021-12-21 12:23:05.900root 11241100x8000000000000000659841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfa79e770d4ff782021-12-21 12:23:05.900root 11241100x8000000000000000659842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2d03e36734486c2021-12-21 12:23:05.900root 11241100x8000000000000000659843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28706711e00923d92021-12-21 12:23:05.900root 11241100x8000000000000000659844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.901{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3cacc98226f5862021-12-21 12:23:05.901root 11241100x8000000000000000659845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.901{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29581c459811fdb2021-12-21 12:23:05.901root 11241100x8000000000000000659846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.901{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b73c3c269219baf2021-12-21 12:23:05.901root 11241100x8000000000000000659847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.901{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae1723e27e4d1382021-12-21 12:23:05.901root 11241100x8000000000000000659848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.902{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfba5f0f2e61e792021-12-21 12:23:05.902root 11241100x8000000000000000659849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.902{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e991e7912308ab82021-12-21 12:23:05.902root 11241100x8000000000000000659850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.902{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8629481090527c1a2021-12-21 12:23:05.902root 11241100x8000000000000000659851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.902{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26df793e268023c62021-12-21 12:23:05.902root 11241100x8000000000000000659852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.902{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f753bc3d3acf1082021-12-21 12:23:05.902root 11241100x8000000000000000659853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.902{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544c485b3a84627b2021-12-21 12:23:05.902root 11241100x8000000000000000659854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.902{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d667298c8a388b2021-12-21 12:23:05.902root 11241100x8000000000000000659855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.902{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01563256fd9be1b72021-12-21 12:23:05.902root 11241100x8000000000000000659856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.902{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc36d7b1ca975b22021-12-21 12:23:05.902root 11241100x8000000000000000659857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.902{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43fdfc7d8f32c702021-12-21 12:23:05.902root 11241100x8000000000000000659858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.903{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0935ed63a136212021-12-21 12:23:05.903root 11241100x8000000000000000659859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.903{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e30a62a591f8762021-12-21 12:23:05.903root 11241100x8000000000000000659860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.903{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25faede7169170a72021-12-21 12:23:05.903root 11241100x8000000000000000659861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.903{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8183eaae3ce9a7032021-12-21 12:23:05.903root 11241100x8000000000000000659862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.903{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafc12eebb094d5d2021-12-21 12:23:05.903root 11241100x8000000000000000659863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.903{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707ec39e5170a9992021-12-21 12:23:05.903root 11241100x8000000000000000659864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.903{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36a3fbf354d2b0a2021-12-21 12:23:05.903root 11241100x8000000000000000659865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.905{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce132adc4d3edc1e2021-12-21 12:23:05.905root 11241100x8000000000000000659866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.905{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6f25cb66973d582021-12-21 12:23:05.905root 534500x8000000000000000659867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.905{ec2b6afe-c729-61c1-b87d-6c40c3550000}10079/usr/sbin/useraddubuntu 11241100x8000000000000000659868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.905{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630be2a44bddae052021-12-21 12:23:05.905root 11241100x8000000000000000659869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.907{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c374b8e0ad1ab52021-12-21 12:23:05.907root 11241100x8000000000000000659870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.907{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a62bc0b5a5f6432021-12-21 12:23:05.907root 11241100x8000000000000000659871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.907{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f460d87a2094588f2021-12-21 12:23:05.907root 11241100x8000000000000000659872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.908{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8130a3acaa6027ff2021-12-21 12:23:05.908root 11241100x8000000000000000659873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.909{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3848c545e6ef5fa12021-12-21 12:23:05.909root 11241100x8000000000000000659874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.909{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca15bb42ab223c62021-12-21 12:23:05.909root 11241100x8000000000000000659875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.909{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82f6a1e62d593cc2021-12-21 12:23:05.909root 11241100x8000000000000000659876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.909{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63378c9aadfac7492021-12-21 12:23:05.909root 11241100x8000000000000000659877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:05.909{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9f9feae46db5532021-12-21 12:23:05.909root 11241100x8000000000000000659878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.141{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:23:06.141root 11241100x8000000000000000659879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71633c806085dfac2021-12-21 12:23:06.193root 11241100x8000000000000000659880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2673e6545da0392021-12-21 12:23:06.193root 11241100x8000000000000000659881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8da46839b9e25f2021-12-21 12:23:06.193root 11241100x8000000000000000659882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7ba2475120da0e2021-12-21 12:23:06.193root 11241100x8000000000000000659883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5b990e26577ad12021-12-21 12:23:06.193root 11241100x8000000000000000659884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68abdb8b22200e3f2021-12-21 12:23:06.194root 11241100x8000000000000000659885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8c142e8c36e1562021-12-21 12:23:06.194root 11241100x8000000000000000659886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849cba1da106ccc32021-12-21 12:23:06.194root 11241100x8000000000000000659887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcd7cbcb0970b642021-12-21 12:23:06.194root 11241100x8000000000000000659888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb15cbca766920f2021-12-21 12:23:06.194root 11241100x8000000000000000659889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d05b9d88ee6c132021-12-21 12:23:06.194root 11241100x8000000000000000659890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7130b07623053e22021-12-21 12:23:06.194root 11241100x8000000000000000659891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd61c4331e73ec92021-12-21 12:23:06.194root 11241100x8000000000000000659892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50143a8b3877a6792021-12-21 12:23:06.194root 11241100x8000000000000000659893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183a7e7a43896e3d2021-12-21 12:23:06.194root 11241100x8000000000000000659894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7701d5bd74d15b782021-12-21 12:23:06.195root 11241100x8000000000000000659895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838a70d26f67fad82021-12-21 12:23:06.195root 11241100x8000000000000000659896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86c6371bfa1d8cf2021-12-21 12:23:06.195root 11241100x8000000000000000659897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618c7cef455d31472021-12-21 12:23:06.195root 11241100x8000000000000000659898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721c45fe609d016c2021-12-21 12:23:06.195root 11241100x8000000000000000659899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64433d6e260344552021-12-21 12:23:06.195root 11241100x8000000000000000659900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af92834ae38648232021-12-21 12:23:06.195root 11241100x8000000000000000659901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2767f0839c64d0e2021-12-21 12:23:06.195root 11241100x8000000000000000659902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41e6526b86d08dc2021-12-21 12:23:06.195root 11241100x8000000000000000659903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb981a20157d86372021-12-21 12:23:06.196root 11241100x8000000000000000659904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adddd3e8b632afc12021-12-21 12:23:06.196root 11241100x8000000000000000659905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9113146317af6e42021-12-21 12:23:06.196root 11241100x8000000000000000659906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33970049b0d6e1e2021-12-21 12:23:06.196root 11241100x8000000000000000659907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f9d67fec7209732021-12-21 12:23:06.196root 11241100x8000000000000000659908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c530d58dc7b52d2021-12-21 12:23:06.196root 11241100x8000000000000000659909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d83e362db68e2e12021-12-21 12:23:06.197root 11241100x8000000000000000659910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d5c6943a5d2f012021-12-21 12:23:06.197root 11241100x8000000000000000659911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b23b937fefeedd12021-12-21 12:23:06.197root 11241100x8000000000000000659912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63113800a6b011762021-12-21 12:23:06.197root 11241100x8000000000000000659913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793bf346ce24b3932021-12-21 12:23:06.197root 11241100x8000000000000000659914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c7068a410deca52021-12-21 12:23:06.197root 11241100x8000000000000000659915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdea4f4154af6c72021-12-21 12:23:06.198root 11241100x8000000000000000659916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18f75a4be4626cd2021-12-21 12:23:06.198root 11241100x8000000000000000659917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e521dc3d34fdbc502021-12-21 12:23:06.198root 11241100x8000000000000000659918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc03d045c30f017e2021-12-21 12:23:06.198root 11241100x8000000000000000659919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82a8d50974ba9682021-12-21 12:23:06.198root 11241100x8000000000000000659920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79450a9035b3fdc22021-12-21 12:23:06.198root 11241100x8000000000000000659921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f4940beef569b92021-12-21 12:23:06.198root 11241100x8000000000000000659922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f2e9916b55b92d2021-12-21 12:23:06.198root 11241100x8000000000000000659923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0e2e72bf01a81c2021-12-21 12:23:06.693root 11241100x8000000000000000659924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a79ce15dcef04fe2021-12-21 12:23:06.693root 11241100x8000000000000000659925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592043f8d7981bfe2021-12-21 12:23:06.693root 11241100x8000000000000000659926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ae1cd0fa1b4c882021-12-21 12:23:06.693root 11241100x8000000000000000659927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437f3fcec80c4f0d2021-12-21 12:23:06.693root 11241100x8000000000000000659928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219bde2899cec5522021-12-21 12:23:06.693root 11241100x8000000000000000659929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff5c798171a845e2021-12-21 12:23:06.693root 11241100x8000000000000000659930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8131156cd1c5f592021-12-21 12:23:06.693root 11241100x8000000000000000659931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd03027503da10802021-12-21 12:23:06.693root 11241100x8000000000000000659932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91a8fd590aecc902021-12-21 12:23:06.693root 11241100x8000000000000000659933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f0ace6401934732021-12-21 12:23:06.693root 11241100x8000000000000000659934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbabad0630142b22021-12-21 12:23:06.693root 11241100x8000000000000000659935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b794eb2cb99d95c2021-12-21 12:23:06.694root 11241100x8000000000000000659936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29ed2273bf1f3942021-12-21 12:23:06.694root 11241100x8000000000000000659937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6f7d61b949d3ad2021-12-21 12:23:06.694root 11241100x8000000000000000659938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb8b2a72a62ab432021-12-21 12:23:06.694root 11241100x8000000000000000659939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7069fedfff227072021-12-21 12:23:06.694root 11241100x8000000000000000659940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e483107bdb2cccb52021-12-21 12:23:06.694root 11241100x8000000000000000659941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2a61a2a98420e42021-12-21 12:23:06.695root 11241100x8000000000000000659942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638513613865238a2021-12-21 12:23:06.695root 11241100x8000000000000000659943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e42178cbd50c5eb2021-12-21 12:23:06.696root 11241100x8000000000000000659944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4035e71a9dd1682021-12-21 12:23:06.697root 11241100x8000000000000000659945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb42e19e79cb7f92021-12-21 12:23:06.697root 11241100x8000000000000000659946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaccc09cc381ec92021-12-21 12:23:06.697root 11241100x8000000000000000659947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22c2ded536541bf2021-12-21 12:23:06.697root 11241100x8000000000000000659948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda9e3fdc6aad74a2021-12-21 12:23:06.697root 11241100x8000000000000000659949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0047abd6362d99d22021-12-21 12:23:06.697root 11241100x8000000000000000659950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fc29d807da54e32021-12-21 12:23:06.697root 11241100x8000000000000000659951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc07abcdc599e3872021-12-21 12:23:06.698root 11241100x8000000000000000659952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49059e152ae93c552021-12-21 12:23:06.698root 11241100x8000000000000000659953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e1c19455781eb62021-12-21 12:23:06.698root 11241100x8000000000000000659954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2581ec3f35add42021-12-21 12:23:06.698root 11241100x8000000000000000659955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9965c126d2e608a2021-12-21 12:23:06.698root 11241100x8000000000000000659956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc9704e44823e1d2021-12-21 12:23:06.698root 11241100x8000000000000000659957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771bed3785cff0bb2021-12-21 12:23:06.698root 11241100x8000000000000000659958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0678d938e0611a12021-12-21 12:23:06.699root 11241100x8000000000000000659959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fc90132a73717d2021-12-21 12:23:06.699root 11241100x8000000000000000659960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d30f23cdebe97a2021-12-21 12:23:06.699root 11241100x8000000000000000659961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e43aee53b37dba72021-12-21 12:23:06.699root 11241100x8000000000000000659962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5201443f50de122021-12-21 12:23:06.699root 11241100x8000000000000000659963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081458b20d606e1f2021-12-21 12:23:06.699root 11241100x8000000000000000659964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2871c7874b62cc2021-12-21 12:23:06.699root 11241100x8000000000000000659965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ceb904f7e26c7b62021-12-21 12:23:06.701root 11241100x8000000000000000659966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5413d15fff702ce2021-12-21 12:23:06.701root 11241100x8000000000000000659967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f363d213a0793632021-12-21 12:23:06.701root 11241100x8000000000000000659968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea1cf0259f9efb02021-12-21 12:23:06.701root 11241100x8000000000000000659969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bda58de5d409f02021-12-21 12:23:06.701root 11241100x8000000000000000659970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6985e6229b89ae6b2021-12-21 12:23:06.701root 11241100x8000000000000000659971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a1e6e648c68abd2021-12-21 12:23:06.702root 11241100x8000000000000000659972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:06.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210c0edf1116f99a2021-12-21 12:23:06.702root 11241100x8000000000000000659973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7bd6cd5ae4fc6a2021-12-21 12:23:07.193root 11241100x8000000000000000659974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4503acd6e31d0f42021-12-21 12:23:07.193root 11241100x8000000000000000659975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74f3f73611ac99d2021-12-21 12:23:07.193root 11241100x8000000000000000659976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633478ad62a9976f2021-12-21 12:23:07.193root 11241100x8000000000000000659977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ae2be5c4b81a4b2021-12-21 12:23:07.193root 11241100x8000000000000000659978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b16ead3df459692021-12-21 12:23:07.194root 11241100x8000000000000000659979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee25e7e107344a92021-12-21 12:23:07.194root 11241100x8000000000000000659980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2872d6aa9e7686282021-12-21 12:23:07.194root 11241100x8000000000000000659981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a1280df1dcfbec2021-12-21 12:23:07.194root 11241100x8000000000000000659982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d464172235c68ce2021-12-21 12:23:07.194root 11241100x8000000000000000659983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6036b1cabecb672021-12-21 12:23:07.194root 11241100x8000000000000000659984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3195e5a6da69fb6f2021-12-21 12:23:07.194root 11241100x8000000000000000659985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a260db323f8fa4d62021-12-21 12:23:07.194root 11241100x8000000000000000659986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2505aac8ed5af32021-12-21 12:23:07.194root 11241100x8000000000000000659987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6936184ee782db62021-12-21 12:23:07.194root 11241100x8000000000000000659988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a3f8f90b99d96a2021-12-21 12:23:07.195root 11241100x8000000000000000659989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8afa2a986988ed2021-12-21 12:23:07.195root 11241100x8000000000000000659990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea442f36f3559202021-12-21 12:23:07.195root 11241100x8000000000000000659991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c77ddbb6da9f99e2021-12-21 12:23:07.195root 11241100x8000000000000000659992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23de9dce8ddf8f02021-12-21 12:23:07.195root 11241100x8000000000000000659993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5989c1fdd3645b902021-12-21 12:23:07.195root 11241100x8000000000000000659994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ce70c63056a11f2021-12-21 12:23:07.195root 11241100x8000000000000000659995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6b6a0d98abd2192021-12-21 12:23:07.195root 11241100x8000000000000000659996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83eccfa34c494342021-12-21 12:23:07.196root 11241100x8000000000000000659997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee663f6dae3cc462021-12-21 12:23:07.196root 11241100x8000000000000000659998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740276754a2676272021-12-21 12:23:07.196root 11241100x8000000000000000659999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff54fbb69e504a62021-12-21 12:23:07.196root 11241100x8000000000000000660000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c5076e4874e6662021-12-21 12:23:07.196root 11241100x8000000000000000660001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84725815417338a2021-12-21 12:23:07.196root 11241100x8000000000000000660002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f7c1741392a8c22021-12-21 12:23:07.196root 11241100x8000000000000000660003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a5327488669a312021-12-21 12:23:07.196root 11241100x8000000000000000660004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bab133be9a8b2022021-12-21 12:23:07.196root 11241100x8000000000000000660005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29a22e411da32422021-12-21 12:23:07.196root 11241100x8000000000000000660006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c2f1760c5fab542021-12-21 12:23:07.197root 11241100x8000000000000000660007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b0dc9ac97f310e2021-12-21 12:23:07.197root 11241100x8000000000000000660008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97986df57d96235a2021-12-21 12:23:07.197root 11241100x8000000000000000660009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416adf112a7c51372021-12-21 12:23:07.197root 11241100x8000000000000000660010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a6089ecbd47dd32021-12-21 12:23:07.693root 11241100x8000000000000000660011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8f4514fe7544d62021-12-21 12:23:07.693root 11241100x8000000000000000660012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc534f132bd2ca192021-12-21 12:23:07.693root 11241100x8000000000000000660013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3025354085f16bb62021-12-21 12:23:07.693root 11241100x8000000000000000660014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42af5367f018e6a52021-12-21 12:23:07.693root 11241100x8000000000000000660015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae54569ef672ad512021-12-21 12:23:07.693root 11241100x8000000000000000660016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b33a4a774809a32021-12-21 12:23:07.694root 11241100x8000000000000000660017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8948fcb1e474a9bf2021-12-21 12:23:07.694root 11241100x8000000000000000660018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68143c0a8d5efd22021-12-21 12:23:07.694root 11241100x8000000000000000660019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ae231e3b2636132021-12-21 12:23:07.694root 11241100x8000000000000000660020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c377a0b3037ed32021-12-21 12:23:07.694root 11241100x8000000000000000660021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010e79b9cfd97eda2021-12-21 12:23:07.695root 11241100x8000000000000000660022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916435d190c1691b2021-12-21 12:23:07.695root 11241100x8000000000000000660023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8ad3bec03b3b5f2021-12-21 12:23:07.695root 11241100x8000000000000000660024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d731207de315192021-12-21 12:23:07.695root 11241100x8000000000000000660025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5585d1401f04b3b12021-12-21 12:23:07.695root 11241100x8000000000000000660026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603b96fbd5a99e052021-12-21 12:23:07.695root 11241100x8000000000000000660027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace5fee5e61c238e2021-12-21 12:23:07.695root 11241100x8000000000000000660028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8936e4ab21a149d72021-12-21 12:23:07.695root 11241100x8000000000000000660029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ead443fe6a303a2021-12-21 12:23:07.695root 11241100x8000000000000000660030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e539cd73ca89252021-12-21 12:23:07.695root 11241100x8000000000000000660031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7747c456f4dabf1a2021-12-21 12:23:07.695root 11241100x8000000000000000660032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeec53b5d04f254e2021-12-21 12:23:07.695root 11241100x8000000000000000660033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656ccbab04146f1c2021-12-21 12:23:07.695root 11241100x8000000000000000660034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58106addf8252b2b2021-12-21 12:23:07.695root 11241100x8000000000000000660035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc77fe28044aa0b92021-12-21 12:23:07.695root 11241100x8000000000000000660036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5637f839f283d122021-12-21 12:23:07.696root 11241100x8000000000000000660037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887f08c6b34f9b902021-12-21 12:23:07.696root 11241100x8000000000000000660038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3137a4059a3183eb2021-12-21 12:23:07.696root 11241100x8000000000000000660039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e023a1b82b4e7dd2021-12-21 12:23:07.696root 11241100x8000000000000000660040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d7c68f87a411282021-12-21 12:23:07.696root 11241100x8000000000000000660041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318e4b4b1a450f442021-12-21 12:23:07.696root 11241100x8000000000000000660042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d7debad923dfaf2021-12-21 12:23:07.696root 11241100x8000000000000000660043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5462dfe991153dc2021-12-21 12:23:07.696root 11241100x8000000000000000660044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58e213ec8664f672021-12-21 12:23:07.696root 11241100x8000000000000000660045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b4097441103e7a2021-12-21 12:23:07.696root 11241100x8000000000000000660046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e1b3e2f9e91e1c2021-12-21 12:23:07.696root 11241100x8000000000000000660047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e677fc0de504ff822021-12-21 12:23:07.696root 11241100x8000000000000000660048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463db593f947b7b42021-12-21 12:23:07.696root 11241100x8000000000000000660049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a5e45e9555286f2021-12-21 12:23:07.696root 11241100x8000000000000000660050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f058090d8583072021-12-21 12:23:08.193root 11241100x8000000000000000660051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf65668efafc2c662021-12-21 12:23:08.193root 11241100x8000000000000000660052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6192b3a4c498fd722021-12-21 12:23:08.193root 11241100x8000000000000000660053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9357be0aab9cba72021-12-21 12:23:08.193root 11241100x8000000000000000660054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a09c703f4effe042021-12-21 12:23:08.193root 11241100x8000000000000000660055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b64853f786547f2021-12-21 12:23:08.193root 11241100x8000000000000000660056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614ceec684ab6b032021-12-21 12:23:08.193root 11241100x8000000000000000660057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1962315ab1fa1792021-12-21 12:23:08.193root 11241100x8000000000000000660058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16a18f15534811f2021-12-21 12:23:08.193root 11241100x8000000000000000660059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36616000f5aef6c2021-12-21 12:23:08.193root 11241100x8000000000000000660060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8410bbc5c187f0b2021-12-21 12:23:08.194root 11241100x8000000000000000660061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89218b2ed49df4ee2021-12-21 12:23:08.194root 11241100x8000000000000000660062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ed7999d765001e2021-12-21 12:23:08.194root 11241100x8000000000000000660063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0acc30a8ee4c28e2021-12-21 12:23:08.194root 11241100x8000000000000000660064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe5fcb0f3b4a40a2021-12-21 12:23:08.194root 11241100x8000000000000000660065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b903b6c901f08f662021-12-21 12:23:08.195root 11241100x8000000000000000660066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1541deffc08a992021-12-21 12:23:08.195root 11241100x8000000000000000660067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce6d6643b0446a52021-12-21 12:23:08.195root 11241100x8000000000000000660068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba23bc4e652073f2021-12-21 12:23:08.195root 11241100x8000000000000000660069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed01ae45c96de3d52021-12-21 12:23:08.195root 11241100x8000000000000000660070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b8e03fcad097912021-12-21 12:23:08.195root 11241100x8000000000000000660071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e44923c483203b82021-12-21 12:23:08.195root 11241100x8000000000000000660072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4269cf068b11a9d92021-12-21 12:23:08.195root 11241100x8000000000000000660073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbee4a3ff146526c2021-12-21 12:23:08.195root 11241100x8000000000000000660074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101681159079f9e52021-12-21 12:23:08.195root 11241100x8000000000000000660075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a7690f216f24dc2021-12-21 12:23:08.196root 11241100x8000000000000000660076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b770a0d951e6e82021-12-21 12:23:08.196root 11241100x8000000000000000660077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45484f90d830b66f2021-12-21 12:23:08.196root 11241100x8000000000000000660078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82455d9e8252b9552021-12-21 12:23:08.196root 11241100x8000000000000000660079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd3d07c450531912021-12-21 12:23:08.196root 11241100x8000000000000000660080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94821b74836a465b2021-12-21 12:23:08.196root 11241100x8000000000000000660081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adfefbd1e16dde62021-12-21 12:23:08.196root 11241100x8000000000000000660082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d53c2001908a0a2021-12-21 12:23:08.196root 11241100x8000000000000000660083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a5044857d9e26a2021-12-21 12:23:08.196root 11241100x8000000000000000660084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e829644327e3a7622021-12-21 12:23:08.196root 11241100x8000000000000000660085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cda828d0da934c42021-12-21 12:23:08.196root 11241100x8000000000000000660086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b11c2eb40f77b5f2021-12-21 12:23:08.693root 11241100x8000000000000000660087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4384b705522a0f02021-12-21 12:23:08.693root 11241100x8000000000000000660088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3595fba3b77920592021-12-21 12:23:08.693root 11241100x8000000000000000660089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66be15d29ce16e5c2021-12-21 12:23:08.693root 11241100x8000000000000000660090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290cd6bb1e9aa96f2021-12-21 12:23:08.693root 11241100x8000000000000000660091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb6f1c6bf7f9e492021-12-21 12:23:08.693root 11241100x8000000000000000660092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3ddd227310429d2021-12-21 12:23:08.693root 11241100x8000000000000000660093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4f345e3860a60d2021-12-21 12:23:08.693root 11241100x8000000000000000660094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec768a23bc9d4b702021-12-21 12:23:08.693root 11241100x8000000000000000660095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13a250efda500212021-12-21 12:23:08.693root 11241100x8000000000000000660096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0776a11c976ba6c2021-12-21 12:23:08.694root 11241100x8000000000000000660097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4af3c957eda5f22021-12-21 12:23:08.694root 11241100x8000000000000000660098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c373881c0898590d2021-12-21 12:23:08.694root 11241100x8000000000000000660099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ccc854b21f0f6b2021-12-21 12:23:08.694root 11241100x8000000000000000660100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef85a6467a7beff32021-12-21 12:23:08.694root 11241100x8000000000000000660101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86c5bfa157c9a1f2021-12-21 12:23:08.694root 11241100x8000000000000000660102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cef5253c4c938b2021-12-21 12:23:08.694root 11241100x8000000000000000660103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99392d4e9f5f1d352021-12-21 12:23:08.694root 11241100x8000000000000000660104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ec71c4ea6aa5122021-12-21 12:23:08.694root 11241100x8000000000000000660105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118b84b3b7cb83402021-12-21 12:23:08.694root 11241100x8000000000000000660106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d32392ff80805c22021-12-21 12:23:08.694root 11241100x8000000000000000660107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b983539ee1b4c672021-12-21 12:23:08.695root 11241100x8000000000000000660108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31ead44440922612021-12-21 12:23:08.695root 11241100x8000000000000000660109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732a83479901d91b2021-12-21 12:23:08.695root 11241100x8000000000000000660110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b878f09d3937182021-12-21 12:23:08.695root 11241100x8000000000000000660111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8087fdcca0e43bd82021-12-21 12:23:08.695root 11241100x8000000000000000660112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0182c3a3f20e86f42021-12-21 12:23:08.695root 11241100x8000000000000000660113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2fc4a15866c1462021-12-21 12:23:08.696root 11241100x8000000000000000660114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a718c654b2fcdf2021-12-21 12:23:08.696root 11241100x8000000000000000660115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27c3cdb1398f2722021-12-21 12:23:08.696root 11241100x8000000000000000660116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88d705b3a560d402021-12-21 12:23:08.696root 11241100x8000000000000000660117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9412151f5bca0fc2021-12-21 12:23:08.696root 11241100x8000000000000000660118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f558fa3ec9db4682021-12-21 12:23:08.696root 11241100x8000000000000000660119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0399a36b483a7f052021-12-21 12:23:08.697root 11241100x8000000000000000660120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7131cab89365a1ad2021-12-21 12:23:08.697root 11241100x8000000000000000660121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f660a1cf34b5d02021-12-21 12:23:08.697root 11241100x8000000000000000660122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee416b1205dab0d2021-12-21 12:23:08.697root 11241100x8000000000000000660123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e972438bb91235782021-12-21 12:23:08.697root 11241100x8000000000000000660124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcafed5d4f9f62342021-12-21 12:23:08.697root 11241100x8000000000000000660125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d12e7b6e74fb67b2021-12-21 12:23:08.697root 11241100x8000000000000000660126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1857d0c0f5935e262021-12-21 12:23:08.698root 11241100x8000000000000000660127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41ea1c64a8064582021-12-21 12:23:08.698root 11241100x8000000000000000660128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914956d816f7fe1d2021-12-21 12:23:08.698root 354300x8000000000000000660129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.091{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49910-false10.0.1.12-8000- 11241100x8000000000000000660130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c78f3bc1576b2512021-12-21 12:23:09.091root 11241100x8000000000000000660131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5029e47ca371f102021-12-21 12:23:09.091root 11241100x8000000000000000660132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2326cc86563fcf1b2021-12-21 12:23:09.092root 11241100x8000000000000000660133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85ba690803616dd2021-12-21 12:23:09.092root 11241100x8000000000000000660134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd1c47fbe676ca12021-12-21 12:23:09.092root 11241100x8000000000000000660135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86d7264b47856592021-12-21 12:23:09.092root 11241100x8000000000000000660136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285d0d67e4991a282021-12-21 12:23:09.092root 11241100x8000000000000000660137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0102de846116ae52021-12-21 12:23:09.092root 11241100x8000000000000000660138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744f7b93099894b62021-12-21 12:23:09.092root 11241100x8000000000000000660139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ff9a9dad74b5e02021-12-21 12:23:09.092root 11241100x8000000000000000660140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8041fafddeb1d4ab2021-12-21 12:23:09.093root 11241100x8000000000000000660141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb780d9381b2c742021-12-21 12:23:09.093root 11241100x8000000000000000660142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ef5591850194482021-12-21 12:23:09.093root 11241100x8000000000000000660143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663060898fac19402021-12-21 12:23:09.093root 11241100x8000000000000000660144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66235841a2f1006e2021-12-21 12:23:09.093root 11241100x8000000000000000660145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501b65e6841763cf2021-12-21 12:23:09.093root 11241100x8000000000000000660146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977425d1f55cf95d2021-12-21 12:23:09.093root 11241100x8000000000000000660147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a116894ebc83c9e52021-12-21 12:23:09.093root 11241100x8000000000000000660148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d5e5d65d2520442021-12-21 12:23:09.094root 11241100x8000000000000000660149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccc997f9b7b52d42021-12-21 12:23:09.094root 11241100x8000000000000000660150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231a8d666a1261f92021-12-21 12:23:09.094root 11241100x8000000000000000660151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178e55a3b6d113ef2021-12-21 12:23:09.095root 11241100x8000000000000000660152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ce352bbf7f57f82021-12-21 12:23:09.095root 11241100x8000000000000000660153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f348033f41e42a172021-12-21 12:23:09.095root 11241100x8000000000000000660154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201e92be911bc9772021-12-21 12:23:09.096root 11241100x8000000000000000660155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490c5418a9ee9d1f2021-12-21 12:23:09.096root 11241100x8000000000000000660156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e645a6764264232021-12-21 12:23:09.096root 11241100x8000000000000000660157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cca2a50b8c8fa8b2021-12-21 12:23:09.097root 11241100x8000000000000000660158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a6832f799b2a2c2021-12-21 12:23:09.097root 11241100x8000000000000000660159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b0a4dda547c3ca2021-12-21 12:23:09.097root 11241100x8000000000000000660160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebbdff74189cfdb2021-12-21 12:23:09.097root 11241100x8000000000000000660161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a15dc02dabbb3482021-12-21 12:23:09.098root 11241100x8000000000000000660162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbefb96f9072b6e62021-12-21 12:23:09.098root 11241100x8000000000000000660163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e42bc08370cc57f2021-12-21 12:23:09.098root 11241100x8000000000000000660164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33701caae5ef773c2021-12-21 12:23:09.098root 11241100x8000000000000000660165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9897eb25f286b7552021-12-21 12:23:09.099root 11241100x8000000000000000660166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4ac33b12fbf5692021-12-21 12:23:09.099root 11241100x8000000000000000660167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659efaea53286e152021-12-21 12:23:09.101root 11241100x8000000000000000660168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a8b1d9dbb84ca52021-12-21 12:23:09.101root 11241100x8000000000000000660169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588c6356eeaa47152021-12-21 12:23:09.101root 11241100x8000000000000000660170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef4e6e82efde76f2021-12-21 12:23:09.102root 11241100x8000000000000000660171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1fc823a8d293652021-12-21 12:23:09.102root 11241100x8000000000000000660172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91cea9d09b9600a2021-12-21 12:23:09.102root 11241100x8000000000000000660173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212ec69a68cd22492021-12-21 12:23:09.102root 11241100x8000000000000000660174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0480ef0d86a05692021-12-21 12:23:09.102root 11241100x8000000000000000660175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf0c1af86b637fc2021-12-21 12:23:09.102root 11241100x8000000000000000660176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86eca96fb347ceba2021-12-21 12:23:09.102root 11241100x8000000000000000660177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98616dec3134a9182021-12-21 12:23:09.102root 11241100x8000000000000000660178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e11c6663ebdd6e12021-12-21 12:23:09.102root 11241100x8000000000000000660179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd18b6e02f10f88f2021-12-21 12:23:09.102root 11241100x8000000000000000660180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402c54b8769b10232021-12-21 12:23:09.103root 11241100x8000000000000000660181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f84da2fb5ea44842021-12-21 12:23:09.103root 23542300x8000000000000000660182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000660183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40593e95237c3792021-12-21 12:23:09.443root 11241100x8000000000000000660184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8438c602151f2a4b2021-12-21 12:23:09.443root 11241100x8000000000000000660185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f199a38d304fa9db2021-12-21 12:23:09.443root 11241100x8000000000000000660186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d130ca9382f4ed292021-12-21 12:23:09.443root 11241100x8000000000000000660187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebaf05a2704353a2021-12-21 12:23:09.443root 11241100x8000000000000000660188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04f6424588e7c3f2021-12-21 12:23:09.443root 11241100x8000000000000000660189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f04290ced4d764f2021-12-21 12:23:09.443root 11241100x8000000000000000660190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67815c45e12d4d2c2021-12-21 12:23:09.443root 11241100x8000000000000000660191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d553f90ab710f6952021-12-21 12:23:09.443root 11241100x8000000000000000660192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7b3307aaa23b8b2021-12-21 12:23:09.443root 11241100x8000000000000000660193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe6adb205505dc32021-12-21 12:23:09.443root 11241100x8000000000000000660194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2e9d5c0b58899a2021-12-21 12:23:09.443root 11241100x8000000000000000660195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c911e0670706a7862021-12-21 12:23:09.444root 11241100x8000000000000000660196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19909bf478e95fc2021-12-21 12:23:09.444root 11241100x8000000000000000660197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac53a0d0fdd356a22021-12-21 12:23:09.444root 11241100x8000000000000000660198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd40d46c03be7ef2021-12-21 12:23:09.444root 11241100x8000000000000000660199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ca3d594a6691a72021-12-21 12:23:09.444root 11241100x8000000000000000660200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6509cc6120afb22021-12-21 12:23:09.444root 11241100x8000000000000000660201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0d77e92def50ae2021-12-21 12:23:09.444root 11241100x8000000000000000660202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96af2b2d7bc475e32021-12-21 12:23:09.444root 11241100x8000000000000000660203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfd98e2c4a734a02021-12-21 12:23:09.444root 11241100x8000000000000000660204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ac07cd7aef05ea2021-12-21 12:23:09.445root 11241100x8000000000000000660205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906458bad44411492021-12-21 12:23:09.445root 11241100x8000000000000000660206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9f10d52dfa10412021-12-21 12:23:09.445root 11241100x8000000000000000660207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c681e080e9cf62a52021-12-21 12:23:09.445root 11241100x8000000000000000660208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b294de1f7df0c62021-12-21 12:23:09.445root 11241100x8000000000000000660209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d4a17114b8984b2021-12-21 12:23:09.445root 11241100x8000000000000000660210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5380049d0f4c8f02021-12-21 12:23:09.445root 11241100x8000000000000000660211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e27752db4c81e9c2021-12-21 12:23:09.445root 11241100x8000000000000000660212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490f29bd6e85447c2021-12-21 12:23:09.445root 11241100x8000000000000000660213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e37bece697c1d72021-12-21 12:23:09.445root 11241100x8000000000000000660214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019541e823ab084e2021-12-21 12:23:09.445root 11241100x8000000000000000660215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95bd22577e319042021-12-21 12:23:09.445root 11241100x8000000000000000660216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ef69f4aeb0d3552021-12-21 12:23:09.445root 11241100x8000000000000000660217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e942b3e251d0122021-12-21 12:23:09.446root 11241100x8000000000000000660218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84114284a688ba902021-12-21 12:23:09.446root 11241100x8000000000000000660219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a70c42173658ec2021-12-21 12:23:09.446root 11241100x8000000000000000660220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7b3619da7f09e72021-12-21 12:23:09.446root 11241100x8000000000000000660221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dafce15021c4f12021-12-21 12:23:09.446root 11241100x8000000000000000660222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e49c83f5f1b854e2021-12-21 12:23:09.446root 11241100x8000000000000000660223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba366a0a40f47e092021-12-21 12:23:09.446root 11241100x8000000000000000660224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5399910de5fe058a2021-12-21 12:23:09.446root 11241100x8000000000000000660225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0283fba81055f552021-12-21 12:23:09.446root 11241100x8000000000000000660226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7049a82f4c22d7cb2021-12-21 12:23:09.446root 11241100x8000000000000000660227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9980abc378acbf2021-12-21 12:23:09.446root 11241100x8000000000000000660228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae627c4ec48864e22021-12-21 12:23:09.446root 11241100x8000000000000000660229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58ce3bb9d49ce642021-12-21 12:23:09.446root 11241100x8000000000000000660230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ff7f127c9770312021-12-21 12:23:09.447root 154100x8000000000000000660231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.825{ec2b6afe-c72d-61c1-087e-b130a1550000}10080/usr/bin/sudo-----sudo useradd atomic_user1/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 11241100x8000000000000000660232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.826{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803f17e210078e072021-12-21 12:23:09.826root 11241100x8000000000000000660233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.827{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071d2dd8dfc3b2fc2021-12-21 12:23:09.827root 11241100x8000000000000000660234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.827{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49adc68f44759c32021-12-21 12:23:09.827root 11241100x8000000000000000660235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.827{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902b133d13f795ad2021-12-21 12:23:09.827root 11241100x8000000000000000660236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.827{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52068762813be812021-12-21 12:23:09.827root 11241100x8000000000000000660237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.827{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e05f916ba223642021-12-21 12:23:09.827root 11241100x8000000000000000660238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.827{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046350ac0c5789812021-12-21 12:23:09.827root 11241100x8000000000000000660239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.828{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3dbbc742ab12f42021-12-21 12:23:09.828root 11241100x8000000000000000660240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.828{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4111aa4ecf8357c72021-12-21 12:23:09.828root 11241100x8000000000000000660241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.828{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7794a7d918c55abf2021-12-21 12:23:09.828root 11241100x8000000000000000660242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.828{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8d8ef48a71a9b42021-12-21 12:23:09.828root 11241100x8000000000000000660243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.828{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499e00773d78bfc82021-12-21 12:23:09.828root 11241100x8000000000000000660244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.829{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c98d5c003c7cbea2021-12-21 12:23:09.829root 11241100x8000000000000000660245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.829{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dad449a1eea1b32021-12-21 12:23:09.829root 11241100x8000000000000000660246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.829{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94256780a7cfcda22021-12-21 12:23:09.829root 11241100x8000000000000000660247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.829{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc433da5a1c53e32021-12-21 12:23:09.829root 11241100x8000000000000000660248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.829{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc8f0b014418c952021-12-21 12:23:09.829root 11241100x8000000000000000660249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.829{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3206bc41bb80be3e2021-12-21 12:23:09.829root 11241100x8000000000000000660250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.829{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63058208c9712442021-12-21 12:23:09.829root 11241100x8000000000000000660251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.829{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85573dfca515b9712021-12-21 12:23:09.829root 11241100x8000000000000000660252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.830{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f889b262a842652c2021-12-21 12:23:09.830root 11241100x8000000000000000660253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.830{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb017a7df20fd3b32021-12-21 12:23:09.830root 11241100x8000000000000000660254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.830{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7ff364ccdc506d2021-12-21 12:23:09.830root 11241100x8000000000000000660255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.830{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6ece61028d70de2021-12-21 12:23:09.830root 11241100x8000000000000000660256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.830{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45e5761a0bd9f5e2021-12-21 12:23:09.830root 11241100x8000000000000000660257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.830{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab12a7d58edbca882021-12-21 12:23:09.830root 11241100x8000000000000000660258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.830{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293afa2641622c892021-12-21 12:23:09.830root 11241100x8000000000000000660259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.830{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d3d90d06fe39a12021-12-21 12:23:09.830root 11241100x8000000000000000660260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.831{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec153c3a4fffeac52021-12-21 12:23:09.831root 11241100x8000000000000000660261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.831{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242004b2a47479882021-12-21 12:23:09.831root 11241100x8000000000000000660262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.831{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b115b68229d0ed2021-12-21 12:23:09.831root 11241100x8000000000000000660263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.831{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcd340df1c068d82021-12-21 12:23:09.831root 11241100x8000000000000000660264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.831{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823e17af31b675fd2021-12-21 12:23:09.831root 354300x8000000000000000660265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.831{ec2b6afe-c72d-61c1-087e-b130a1550000}10080/usr/bin/sudoubuntuudptruefalse127.0.0.1-48249-false127.0.0.53-53- 11241100x8000000000000000660266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.831{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e225f430d96f1672021-12-21 12:23:09.831root 11241100x8000000000000000660267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.832{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9393ae83bac043c2021-12-21 12:23:09.832root 354300x8000000000000000660268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.831{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-39917-false10.0.0.2-53- 354300x8000000000000000660269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.831{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-49468-false10.0.0.2-53- 11241100x8000000000000000660270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.832{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573c6d1a89b5c7742021-12-21 12:23:09.832root 11241100x8000000000000000660271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.832{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde318081e6142b72021-12-21 12:23:09.832root 11241100x8000000000000000660272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.832{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70eb0f8c94236f872021-12-21 12:23:09.832root 354300x8000000000000000660273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.832{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-48249- 354300x8000000000000000660274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.832{ec2b6afe-c72d-61c1-087e-b130a1550000}10080/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-48249- 11241100x8000000000000000660275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.832{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b4025849144b062021-12-21 12:23:09.832root 11241100x8000000000000000660276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.833{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a601a7d9614a577b2021-12-21 12:23:09.833root 11241100x8000000000000000660277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.833{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7bd6bf25965f812021-12-21 12:23:09.833root 11241100x8000000000000000660278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.833{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd64aa7051d657172021-12-21 12:23:09.833root 11241100x8000000000000000660279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.833{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b055e120b50d6992021-12-21 12:23:09.833root 11241100x8000000000000000660280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.833{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f44a1c295492d82021-12-21 12:23:09.833root 11241100x8000000000000000660281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.833{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810a3a76d226ace72021-12-21 12:23:09.833root 11241100x8000000000000000660282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.833{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522186d53cef0d9e2021-12-21 12:23:09.833root 11241100x8000000000000000660283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.834{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3db767ab66ddf322021-12-21 12:23:09.834root 11241100x8000000000000000660284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.834{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa537ca782d3c7a62021-12-21 12:23:09.834root 11241100x8000000000000000660285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.834{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde750cbbb4e613d2021-12-21 12:23:09.834root 11241100x8000000000000000660286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.834{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808d55d7d4e3908d2021-12-21 12:23:09.834root 11241100x8000000000000000660287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.834{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195515ddfb23be552021-12-21 12:23:09.834root 11241100x8000000000000000660288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.834{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aace3f40237c8ba2021-12-21 12:23:09.834root 11241100x8000000000000000660289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.835{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af017227e5c0adf02021-12-21 12:23:09.835root 11241100x8000000000000000660290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.835{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65b87fdebf3c1592021-12-21 12:23:09.835root 11241100x8000000000000000660291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.835{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4a2d3e8dac46182021-12-21 12:23:09.835root 11241100x8000000000000000660292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.835{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84feb8580ca650b02021-12-21 12:23:09.835root 11241100x8000000000000000660293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.835{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcadb4a1a0ab43ac2021-12-21 12:23:09.835root 11241100x8000000000000000660294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.835{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2362bc599d5f24c12021-12-21 12:23:09.835root 11241100x8000000000000000660295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.835{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08470ec209bffce92021-12-21 12:23:09.835root 11241100x8000000000000000660296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.836{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2946ac661570779e2021-12-21 12:23:09.836root 11241100x8000000000000000660297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.836{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d49948b6e984e292021-12-21 12:23:09.836root 11241100x8000000000000000660298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.836{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babffeb42ba31a602021-12-21 12:23:09.836root 11241100x8000000000000000660299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.836{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1497719f7464c0702021-12-21 12:23:09.836root 11241100x8000000000000000660300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.836{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50368fba07473dd02021-12-21 12:23:09.836root 11241100x8000000000000000660301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.836{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30dfa2751e4405b2021-12-21 12:23:09.836root 11241100x8000000000000000660302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.836{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c29d07255a42a92021-12-21 12:23:09.836root 11241100x8000000000000000660303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.837{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7f593d927d6bbb2021-12-21 12:23:09.837root 11241100x8000000000000000660304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.837{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ac823dbdc9cc232021-12-21 12:23:09.837root 11241100x8000000000000000660305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.837{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fcf1e4d63afa0d2021-12-21 12:23:09.837root 11241100x8000000000000000660306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.837{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5916c593e8f58b2021-12-21 12:23:09.837root 11241100x8000000000000000660307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.837{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e4b84df6d4c1d02021-12-21 12:23:09.837root 11241100x8000000000000000660308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.837{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb803d771de3d0302021-12-21 12:23:09.837root 11241100x8000000000000000660309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.837{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cd6aa933ad6c2b2021-12-21 12:23:09.837root 11241100x8000000000000000660310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.838{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f626fb554afa462021-12-21 12:23:09.838root 11241100x8000000000000000660311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.838{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e73556add466072021-12-21 12:23:09.838root 11241100x8000000000000000660312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.838{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6b5a4b573f17bf2021-12-21 12:23:09.838root 11241100x8000000000000000660313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.838{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3c21f97d2319a92021-12-21 12:23:09.838root 11241100x8000000000000000660314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.838{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d87107318e6ebc2021-12-21 12:23:09.838root 11241100x8000000000000000660315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.838{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53fdb814c6f55022021-12-21 12:23:09.838root 11241100x8000000000000000660316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.838{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4205cd22323285c42021-12-21 12:23:09.838root 11241100x8000000000000000660317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.838{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6426369f726b338c2021-12-21 12:23:09.838root 11241100x8000000000000000660318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.839{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df244925c7ab1b62021-12-21 12:23:09.839root 11241100x8000000000000000660319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.839{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cdd6063f31b25d2021-12-21 12:23:09.839root 11241100x8000000000000000660320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.839{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b32364a45f61e322021-12-21 12:23:09.839root 11241100x8000000000000000660321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.839{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2764ce1fcee2d4902021-12-21 12:23:09.839root 11241100x8000000000000000660322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.839{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f334aca1f9dc10642021-12-21 12:23:09.839root 11241100x8000000000000000660323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.840{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7305e0e1b635408e2021-12-21 12:23:09.840root 11241100x8000000000000000660324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.840{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeee172306410bad2021-12-21 12:23:09.840root 11241100x8000000000000000660325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.840{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7786ec9e6cfdb8642021-12-21 12:23:09.840root 11241100x8000000000000000660326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.840{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d00d85cb518ece92021-12-21 12:23:09.840root 11241100x8000000000000000660327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.841{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7443b27f3eff372a2021-12-21 12:23:09.841root 11241100x8000000000000000660328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.841{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26183de2546565592021-12-21 12:23:09.841root 11241100x8000000000000000660329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.841{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1024d5ad0b9c6e3b2021-12-21 12:23:09.841root 11241100x8000000000000000660330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.841{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c525b7d6a3c18ff2021-12-21 12:23:09.841root 11241100x8000000000000000660331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.841{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608660a8132699762021-12-21 12:23:09.841root 11241100x8000000000000000660332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.841{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72188c8912a24f012021-12-21 12:23:09.841root 11241100x8000000000000000660333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.841{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf7d0fd0bfdedcf2021-12-21 12:23:09.841root 11241100x8000000000000000660334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.842{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6df9804e7ba5532021-12-21 12:23:09.842root 11241100x8000000000000000660335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.842{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aded69a037bf8182021-12-21 12:23:09.842root 11241100x8000000000000000660336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.842{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdf0d361621c9f72021-12-21 12:23:09.842root 11241100x8000000000000000660337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.842{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9255abcce8c2abb42021-12-21 12:23:09.842root 11241100x8000000000000000660338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.842{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7143bd5cd7917cf42021-12-21 12:23:09.842root 11241100x8000000000000000660339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.842{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fb5159e2506b322021-12-21 12:23:09.842root 354300x8000000000000000660340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.842{ec2b6afe-c72d-61c1-087e-b130a1550000}10080/usr/bin/sudoubuntuudptruefalse127.0.0.1-48053-false127.0.0.53-53- 354300x8000000000000000660341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.843{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-48053- 11241100x8000000000000000660342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.843{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300024b5e90acd892021-12-21 12:23:09.843root 11241100x8000000000000000660343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.843{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa3646ed3c61ec72021-12-21 12:23:09.843root 11241100x8000000000000000660344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.843{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b201a72b2aa732142021-12-21 12:23:09.843root 11241100x8000000000000000660345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.843{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0628be58e7d1ce02021-12-21 12:23:09.843root 11241100x8000000000000000660346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.844{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bc93eeea2f070a2021-12-21 12:23:09.844root 11241100x8000000000000000660347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.844{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e440175960959322021-12-21 12:23:09.844root 11241100x8000000000000000660348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.844{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5f9916741c5dbe2021-12-21 12:23:09.844root 11241100x8000000000000000660349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d28a0ce4d9630b2021-12-21 12:23:09.845root 11241100x8000000000000000660350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cc30dfa1ccea5a2021-12-21 12:23:09.845root 11241100x8000000000000000660351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.845{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345a15c6cc9221c52021-12-21 12:23:09.845root 11241100x8000000000000000660352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.847{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73d97e69ace80b12021-12-21 12:23:09.847root 11241100x8000000000000000660353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.847{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84503b7362b2f2472021-12-21 12:23:09.847root 11241100x8000000000000000660354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.847{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9966b29e1b836ef2021-12-21 12:23:09.847root 11241100x8000000000000000660355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.847{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db058c3e779692782021-12-21 12:23:09.847root 11241100x8000000000000000660356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.847{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6137ecb10e996b2021-12-21 12:23:09.847root 11241100x8000000000000000660357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.847{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820b2e82e94903042021-12-21 12:23:09.847root 11241100x8000000000000000660358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ef05d4c69c1fa02021-12-21 12:23:09.848root 11241100x8000000000000000660359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10e147b6fd212172021-12-21 12:23:09.848root 11241100x8000000000000000660360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf0a03a3676564b2021-12-21 12:23:09.848root 11241100x8000000000000000660361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced5129bb0a1384f2021-12-21 12:23:09.848root 154100x8000000000000000660362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.847{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081/usr/sbin/useradd-----useradd atomic_user1/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-c72d-61c1-087e-b130a1550000}10080/usr/bin/sudosudoubuntu 11241100x8000000000000000660363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85775edeb929210d2021-12-21 12:23:09.848root 11241100x8000000000000000660364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0be7cf8d3991abf2021-12-21 12:23:09.848root 11241100x8000000000000000660365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cc03440b5a2f8c2021-12-21 12:23:09.848root 11241100x8000000000000000660366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.850{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5aa557a01c8e742021-12-21 12:23:09.850root 11241100x8000000000000000660367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f1ecad3f2055572021-12-21 12:23:09.851root 11241100x8000000000000000660368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04b2b474f1f44382021-12-21 12:23:09.851root 11241100x8000000000000000660369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1127c83bb2f239472021-12-21 12:23:09.851root 11241100x8000000000000000660370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924299bbaab16d232021-12-21 12:23:09.851root 11241100x8000000000000000660371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb556a1bd081f0e2021-12-21 12:23:09.851root 11241100x8000000000000000660372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d83f070a0672062021-12-21 12:23:09.851root 11241100x8000000000000000660373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2a17725dd7df632021-12-21 12:23:09.851root 11241100x8000000000000000660374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.852{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f313e0c3316b9dc92021-12-21 12:23:09.852root 11241100x8000000000000000660375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.852{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081/usr/sbin/useradd/etc/passwd.100812021-12-21 12:23:09.852root 23542300x8000000000000000660376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.852{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081root/usr/sbin/useradd/etc/passwd.10081--- 11241100x8000000000000000660377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.852{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081/usr/sbin/useradd/etc/group.100812021-12-21 12:23:09.852root 23542300x8000000000000000660378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.853{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081root/usr/sbin/useradd/etc/group.10081--- 11241100x8000000000000000660379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.853{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081/usr/sbin/useradd/etc/gshadow.100812021-12-21 12:23:09.853root 23542300x8000000000000000660380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.853{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081root/usr/sbin/useradd/etc/gshadow.10081--- 11241100x8000000000000000660381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.853{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081/usr/sbin/useradd/etc/subuid.100812021-12-21 12:23:09.853root 23542300x8000000000000000660382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.853{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081root/usr/sbin/useradd/etc/subuid.10081--- 11241100x8000000000000000660383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.853{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081/usr/sbin/useradd/etc/subgid.100812021-12-21 12:23:09.853root 23542300x8000000000000000660384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.853{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081root/usr/sbin/useradd/etc/subgid.10081--- 11241100x8000000000000000660385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.853{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081/usr/sbin/useradd/etc/shadow.100812021-12-21 12:23:09.853root 23542300x8000000000000000660386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.854{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081root/usr/sbin/useradd/etc/shadow.10081--- 11241100x8000000000000000660387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.865{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081/usr/sbin/useradd/etc/passwd+2021-12-21 12:23:09.865root 11241100x8000000000000000660388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.869{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081/usr/sbin/useradd/etc/shadow+2021-12-21 12:23:09.869root 11241100x8000000000000000660389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.903{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081/usr/sbin/useradd/etc/group+2021-12-21 12:23:09.903root 11241100x8000000000000000660390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.907{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081/usr/sbin/useradd/etc/gshadow+2021-12-21 12:23:09.907root 11241100x8000000000000000660391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.910{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081/usr/sbin/useradd/etc/subuid+2021-12-21 12:23:09.910root 11241100x8000000000000000660392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.914{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081/usr/sbin/useradd/etc/subgid+2021-12-21 12:23:09.914root 23542300x8000000000000000660393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.916{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081root/usr/sbin/useradd/etc/shadow.lock--- 23542300x8000000000000000660394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.916{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081root/usr/sbin/useradd/etc/passwd.lock--- 23542300x8000000000000000660395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.916{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081root/usr/sbin/useradd/etc/group.lock--- 23542300x8000000000000000660396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.916{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081root/usr/sbin/useradd/etc/gshadow.lock--- 23542300x8000000000000000660397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.916{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081root/usr/sbin/useradd/etc/subuid.lock--- 23542300x8000000000000000660398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.917{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081root/usr/sbin/useradd/etc/subgid.lock--- 534500x8000000000000000660399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.917{ec2b6afe-9233-61c1-c81a-006eee550000}10082-root 534500x8000000000000000660400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.918{00000000-0000-0000-0000-000000000000}10083<unknown process>root 154100x8000000000000000660401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.918{ec2b6afe-c72d-61c1-a822-66bfec550000}10084/sbin/pam_tally2-----pam_tally2 --user atomic_user1 --reset --quiet/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081/usr/sbin/useradduseraddroot 534500x8000000000000000660402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.921{ec2b6afe-c72d-61c1-a822-66bfec550000}10084/sbin/pam_tally2root 534500x8000000000000000660403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.922{ec2b6afe-c72d-61c1-0000-000000000000}10085-root 534500x8000000000000000660404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.922{ec2b6afe-c72d-61c1-0000-000000000000}10086-root 534500x8000000000000000660405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.923{ec2b6afe-c72d-61c1-b8bd-0a6a6e550000}10081/usr/sbin/useraddroot 534500x8000000000000000660406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:09.923{ec2b6afe-c72d-61c1-087e-b130a1550000}10080/usr/bin/sudoroot 11241100x8000000000000000660407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:10.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cedb5098f803f102021-12-21 12:23:10.192root 354300x8000000000000000660489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:21.053{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49914-false10.0.1.12-8000- 11241100x8000000000000000660490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:21.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b199f89142443e822021-12-21 12:23:21.442root 11241100x8000000000000000660491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:21.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d49ad7db6da40c72021-12-21 12:23:21.942root 11241100x8000000000000000660492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:22.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29a9c18362b720c2021-12-21 12:23:22.442root 11241100x8000000000000000660493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:22.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7c777394fd6f602021-12-21 12:23:22.942root 11241100x8000000000000000660494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:23.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ace9d8924b1c4af2021-12-21 12:23:23.442root 11241100x8000000000000000660495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:23.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71d3d98c03926e02021-12-21 12:23:23.942root 11241100x8000000000000000660496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:24.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f2d4fe589becbd2021-12-21 12:23:24.442root 11241100x8000000000000000660497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:24.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766c7181a2ff6e942021-12-21 12:23:24.942root 11241100x8000000000000000660498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:25.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d62d4cee0d22ff2021-12-21 12:23:25.442root 354300x8000000000000000660499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:25.812{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-36980-false10.0.1.12-8089- 11241100x8000000000000000660500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:25.813{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b32548326a80922021-12-21 12:23:25.813root 354300x8000000000000000660501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.099{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49918-false10.0.1.12-8000- 11241100x8000000000000000660502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1111ac5b5ee01b9d2021-12-21 12:23:26.099root 11241100x8000000000000000660503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6deb6f681f22972021-12-21 12:23:26.099root 154100x8000000000000000660504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.282{ec2b6afe-c73e-61c1-08ee-f1b6a7550000}10088/usr/bin/sudo-----sudo adduser atomic_user2/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 354300x8000000000000000660505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.286{ec2b6afe-c73e-61c1-08ee-f1b6a7550000}10088/usr/bin/sudoubuntuudptruefalse127.0.0.1-40865-false127.0.0.53-53- 354300x8000000000000000660506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.286{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-53699-false10.0.0.2-53- 354300x8000000000000000660507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.286{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-49306-false10.0.0.2-53- 354300x8000000000000000660508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.287{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-40865- 354300x8000000000000000660509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.287{ec2b6afe-c73e-61c1-08ee-f1b6a7550000}10088/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-56385- 354300x8000000000000000660510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.287{ec2b6afe-c73e-61c1-08ee-f1b6a7550000}10088/usr/bin/sudoubuntuudptruefalse127.0.0.1-56385-false127.0.0.53-53- 354300x8000000000000000660511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.287{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-56385- 154100x8000000000000000660512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.291{ec2b6afe-c73e-61c1-9877-bc9e4b560000}10089/usr/bin/perl-----/usr/bin/perl /usr/sbin/adduser atomic_user2/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-c73e-61c1-08ee-f1b6a7550000}10088/usr/bin/sudosudoubuntu 154100x8000000000000000660513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.355{ec2b6afe-c73e-61c1-50dd-7688fb550000}10090/usr/sbin/groupadd-----/usr/sbin/groupadd -g 1003 atomic_user2/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-c73e-61c1-9877-bc9e4b560000}10089/usr/bin/perl/usr/bin/perlroot 11241100x8000000000000000660514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94ae6311707443e2021-12-21 12:23:26.356root 11241100x8000000000000000660515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be5684e62b3e78c2021-12-21 12:23:26.356root 11241100x8000000000000000660516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46779bc669d040f22021-12-21 12:23:26.356root 11241100x8000000000000000660517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9734a5ef1541315f2021-12-21 12:23:26.356root 11241100x8000000000000000660518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bd898732c766ee2021-12-21 12:23:26.358root 11241100x8000000000000000660519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ea6c0ce031b50c2021-12-21 12:23:26.358root 11241100x8000000000000000660520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479d3e74649fa0c42021-12-21 12:23:26.358root 11241100x8000000000000000660521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26c414f50669c302021-12-21 12:23:26.358root 11241100x8000000000000000660522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.358{ec2b6afe-c73e-61c1-50dd-7688fb550000}10090/usr/sbin/groupadd/etc/group.100902021-12-21 12:23:26.358root 11241100x8000000000000000660523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e7b0d750a2b5b42021-12-21 12:23:26.358root 23542300x8000000000000000660524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.358{ec2b6afe-c73e-61c1-50dd-7688fb550000}10090root/usr/sbin/groupadd/etc/group.10090--- 11241100x8000000000000000660525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.358{ec2b6afe-c73e-61c1-50dd-7688fb550000}10090/usr/sbin/groupadd/etc/gshadow.100902021-12-21 12:23:26.358root 11241100x8000000000000000660526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c967ae747c6f6f2021-12-21 12:23:26.358root 11241100x8000000000000000660527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.359{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840e42afab194e642021-12-21 12:23:26.359root 11241100x8000000000000000660528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.359{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd74d6f011d11ee2021-12-21 12:23:26.359root 23542300x8000000000000000660529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.359{ec2b6afe-c73e-61c1-50dd-7688fb550000}10090root/usr/sbin/groupadd/etc/gshadow.10090--- 11241100x8000000000000000660530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.360{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db85a12c6b1dcab2021-12-21 12:23:26.360root 11241100x8000000000000000660531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.361{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4302c095d9bf9b2021-12-21 12:23:26.361root 11241100x8000000000000000660532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.361{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072bd46b21c216f02021-12-21 12:23:26.361root 11241100x8000000000000000660533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.361{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101ef5e39dc0a8a72021-12-21 12:23:26.361root 11241100x8000000000000000660534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.361{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be47acd47d161d02021-12-21 12:23:26.361root 11241100x8000000000000000660535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.361{ec2b6afe-c73e-61c1-50dd-7688fb550000}10090/usr/sbin/groupadd/etc/group+2021-12-21 12:23:26.361root 23542300x8000000000000000660536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.364{ec2b6afe-c73e-61c1-50dd-7688fb550000}10090root/usr/sbin/groupadd/etc/group.lock--- 11241100x8000000000000000660537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.367{ec2b6afe-c73e-61c1-50dd-7688fb550000}10090/usr/sbin/groupadd/etc/gshadow+2021-12-21 12:23:26.367root 23542300x8000000000000000660538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.369{ec2b6afe-c73e-61c1-50dd-7688fb550000}10090root/usr/sbin/groupadd/etc/gshadow.lock--- 534500x8000000000000000660539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.370{00000000-0000-0000-0000-000000000000}10091<unknown process>root 534500x8000000000000000660540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.370{00000000-0000-0000-0000-000000000000}10092<unknown process>root 534500x8000000000000000660541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.371{00000000-0000-0000-0000-000000000000}10093<unknown process>root 534500x8000000000000000660542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.371{ec2b6afe-c73e-61c1-50dd-7688fb550000}10090/usr/sbin/groupaddroot 154100x8000000000000000660543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.372{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094/usr/sbin/useradd-----/usr/sbin/useradd -d /home/atomic_user2 -g atomic_user2 -s /bin/bash -u 1003 atomic_user2/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-c73e-61c1-9877-bc9e4b560000}10089/usr/bin/perl/usr/bin/perlroot 11241100x8000000000000000660544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.376{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094/usr/sbin/useradd/etc/passwd.100942021-12-21 12:23:26.376root 23542300x8000000000000000660545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.376{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094root/usr/sbin/useradd/etc/passwd.10094--- 11241100x8000000000000000660546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.376{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094/usr/sbin/useradd/etc/group.100942021-12-21 12:23:26.376root 23542300x8000000000000000660547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.376{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094root/usr/sbin/useradd/etc/group.10094--- 11241100x8000000000000000660548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.377{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094/usr/sbin/useradd/etc/gshadow.100942021-12-21 12:23:26.377root 23542300x8000000000000000660549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.377{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094root/usr/sbin/useradd/etc/gshadow.10094--- 11241100x8000000000000000660550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.377{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094/usr/sbin/useradd/etc/subuid.100942021-12-21 12:23:26.377root 23542300x8000000000000000660551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.377{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094root/usr/sbin/useradd/etc/subuid.10094--- 11241100x8000000000000000660552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.377{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094/usr/sbin/useradd/etc/subgid.100942021-12-21 12:23:26.377root 23542300x8000000000000000660553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.377{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094root/usr/sbin/useradd/etc/subgid.10094--- 11241100x8000000000000000660554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.377{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094/usr/sbin/useradd/etc/shadow.100942021-12-21 12:23:26.377root 23542300x8000000000000000660555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.377{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094root/usr/sbin/useradd/etc/shadow.10094--- 11241100x8000000000000000660556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.384{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094/usr/sbin/useradd/etc/passwd+2021-12-21 12:23:26.384root 11241100x8000000000000000660557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.388{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094/usr/sbin/useradd/etc/shadow+2021-12-21 12:23:26.388root 11241100x8000000000000000660558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.393{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094/usr/sbin/useradd/etc/subuid+2021-12-21 12:23:26.393root 11241100x8000000000000000660559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.397{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094/usr/sbin/useradd/etc/subgid+2021-12-21 12:23:26.397root 23542300x8000000000000000660560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.399{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094root/usr/sbin/useradd/etc/shadow.lock--- 23542300x8000000000000000660561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.399{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094root/usr/sbin/useradd/etc/passwd.lock--- 23542300x8000000000000000660562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.399{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094root/usr/sbin/useradd/etc/group.lock--- 23542300x8000000000000000660563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.399{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094root/usr/sbin/useradd/etc/gshadow.lock--- 23542300x8000000000000000660564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.399{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094root/usr/sbin/useradd/etc/subuid.lock--- 23542300x8000000000000000660565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.399{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094root/usr/sbin/useradd/etc/subgid.lock--- 534500x8000000000000000660566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.400{00000000-0000-0000-0000-000000000000}10095<unknown process>root 534500x8000000000000000660567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.401{ec2b6afe-c72d-61c1-0000-000000000000}10096-root 154100x8000000000000000660568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.401{ec2b6afe-c73e-61c1-a8b2-06a7c1550000}10097/sbin/pam_tally2-----pam_tally2 --user atomic_user2 --reset --quiet/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094/usr/sbin/useradd/usr/sbin/useraddroot 534500x8000000000000000660569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.405{ec2b6afe-c73e-61c1-a8b2-06a7c1550000}10097/sbin/pam_tally2root 534500x8000000000000000660570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.406{ec2b6afe-c72d-61c1-0000-000000000000}10098-root 534500x8000000000000000660571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.406{00000000-0000-0000-0000-000000000000}10099<unknown process>root 534500x8000000000000000660572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.406{ec2b6afe-c73e-61c1-b8ad-052f8a550000}10094/usr/sbin/useraddroot 154100x8000000000000000660573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.407{ec2b6afe-c73e-61c1-6832-6e8688550000}10100/bin/dash-----sh -c cd /etc/skel; find . -print/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-c73e-61c1-9877-bc9e4b560000}10089/usr/bin/perl/usr/bin/perlroot 154100x8000000000000000660574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.408{ec2b6afe-c73e-61c1-90d0-29991c560000}10101/usr/bin/find-----find . -print/etc/skelroot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-c73e-61c1-6832-6e8688550000}10100/bin/dashshroot 534500x8000000000000000660575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.410{ec2b6afe-c73e-61c1-90d0-29991c560000}10101/usr/bin/findroot 11241100x8000000000000000660576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.410{ec2b6afe-c73e-61c1-9877-bc9e4b560000}10089/usr/bin/perl/home/atomic_user2/.bashrc2021-12-21 12:23:26.410root 534500x8000000000000000660577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.412{ec2b6afe-c73e-61c1-6832-6e8688550000}10100/bin/dashroot 11241100x8000000000000000660578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.412{ec2b6afe-c73e-61c1-9877-bc9e4b560000}10089/usr/bin/perl/home/atomic_user2/.bash_logout2021-12-21 12:23:26.412root 11241100x8000000000000000660579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.412{ec2b6afe-c73e-61c1-9877-bc9e4b560000}10089/usr/bin/perl/home/atomic_user2/.profile2021-12-21 12:23:26.412root 154100x8000000000000000660580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.412{ec2b6afe-c73e-61c1-f0f7-3092cd550000}10102/usr/bin/passwd-----/usr/bin/passwd atomic_user2/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-c73e-61c1-9877-bc9e4b560000}10089/usr/bin/perl/usr/bin/perlroot 11241100x8000000000000000660581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5061443fb6b474592021-12-21 12:23:26.693root 11241100x8000000000000000660582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b4d29fad7a286f2021-12-21 12:23:26.693root 11241100x8000000000000000660583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2044e8611594061b2021-12-21 12:23:26.693root 11241100x8000000000000000660584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05d755b684fab2f2021-12-21 12:23:26.693root 11241100x8000000000000000660585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e35c227263842af2021-12-21 12:23:26.693root 11241100x8000000000000000660586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3018bb1dbf0d852021-12-21 12:23:26.693root 11241100x8000000000000000660587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4aa393be28b4362021-12-21 12:23:26.693root 11241100x8000000000000000660588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140f6777e327a3e92021-12-21 12:23:26.694root 11241100x8000000000000000660589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30301c7cdf7333272021-12-21 12:23:26.694root 11241100x8000000000000000660590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7057cf44a480132021-12-21 12:23:26.694root 11241100x8000000000000000660591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82798933b19578b2021-12-21 12:23:26.694root 11241100x8000000000000000660592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3705ad4dd2b3387d2021-12-21 12:23:26.694root 11241100x8000000000000000660593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87d2ba47ffbecb72021-12-21 12:23:26.694root 11241100x8000000000000000660594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4399995b5288dc202021-12-21 12:23:26.694root 11241100x8000000000000000660595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9d7ac05687216a2021-12-21 12:23:26.694root 11241100x8000000000000000660596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db514b89ba8574da2021-12-21 12:23:26.694root 11241100x8000000000000000660597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfbaaabf14dd5432021-12-21 12:23:26.694root 11241100x8000000000000000660598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7466443da57ebd62021-12-21 12:23:26.694root 11241100x8000000000000000660599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae14c6d0faee2472021-12-21 12:23:26.695root 11241100x8000000000000000660600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8bf8f974a361462021-12-21 12:23:26.695root 11241100x8000000000000000660601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecccf2ef722d4e02021-12-21 12:23:26.695root 11241100x8000000000000000660602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d39c5bf42e4ed72021-12-21 12:23:26.695root 11241100x8000000000000000660603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e6a11edce2f7112021-12-21 12:23:26.695root 11241100x8000000000000000660604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55df9d9c2fad5e112021-12-21 12:23:26.695root 11241100x8000000000000000660605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad2cf57e860c4d02021-12-21 12:23:26.696root 11241100x8000000000000000660606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd86dcbb2f3ba92a2021-12-21 12:23:26.696root 11241100x8000000000000000660607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ab05d5660198152021-12-21 12:23:26.696root 11241100x8000000000000000660608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a96234ffc5afc432021-12-21 12:23:26.696root 11241100x8000000000000000660609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8d78be96664a552021-12-21 12:23:26.696root 11241100x8000000000000000660610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057a845224b862512021-12-21 12:23:26.697root 11241100x8000000000000000660611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24927c1cbf30d8622021-12-21 12:23:26.697root 11241100x8000000000000000660612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3814d547c4373e02021-12-21 12:23:26.698root 11241100x8000000000000000660613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b8513d4b1078282021-12-21 12:23:26.699root 11241100x8000000000000000660614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d4a1e699ba4df52021-12-21 12:23:26.699root 11241100x8000000000000000660615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e59543df06bf052021-12-21 12:23:26.699root 11241100x8000000000000000660616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1e61fa27f277642021-12-21 12:23:26.699root 11241100x8000000000000000660617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2607aacd99b239582021-12-21 12:23:26.700root 11241100x8000000000000000660618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8633f8b2397d23a52021-12-21 12:23:26.700root 11241100x8000000000000000660619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1276b9ef8d4595d2021-12-21 12:23:26.700root 11241100x8000000000000000660620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02964e16dc7ab1b2021-12-21 12:23:26.701root 11241100x8000000000000000660621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2181a3a5e6942b862021-12-21 12:23:26.701root 11241100x8000000000000000660622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f763127675e9d72021-12-21 12:23:26.701root 11241100x8000000000000000660623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed19f3e5b4b372ec2021-12-21 12:23:26.701root 11241100x8000000000000000660624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb29822e8397d792021-12-21 12:23:26.702root 11241100x8000000000000000660625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31095f189fe1edd92021-12-21 12:23:26.702root 11241100x8000000000000000660626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debb09e854db533d2021-12-21 12:23:26.702root 11241100x8000000000000000660627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6659d3ffb70fb5d32021-12-21 12:23:26.702root 11241100x8000000000000000660628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66d7cfcbf8182412021-12-21 12:23:26.703root 11241100x8000000000000000660629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a8a9308276777a2021-12-21 12:23:26.703root 11241100x8000000000000000660630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9873f3bd747704e92021-12-21 12:23:26.703root 11241100x8000000000000000660631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4ad1367d3f5e622021-12-21 12:23:26.703root 11241100x8000000000000000660632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73cb8661d78145c2021-12-21 12:23:26.703root 11241100x8000000000000000660633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e33f4a95c8142a92021-12-21 12:23:26.704root 11241100x8000000000000000660634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d13d3c55f04de12021-12-21 12:23:26.704root 11241100x8000000000000000660635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28baee3caf139ca32021-12-21 12:23:26.704root 11241100x8000000000000000660636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae22e257c4e60b5b2021-12-21 12:23:26.704root 11241100x8000000000000000660637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26396bccc83e2d532021-12-21 12:23:26.705root 11241100x8000000000000000660638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f66ca0f0ce2e292021-12-21 12:23:26.705root 11241100x8000000000000000660639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8658fbfe3b9189c22021-12-21 12:23:26.705root 11241100x8000000000000000660640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8f90237c9fc5322021-12-21 12:23:26.705root 11241100x8000000000000000660641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc506d7309acde72021-12-21 12:23:26.706root 11241100x8000000000000000660642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23724ce83b045efe2021-12-21 12:23:26.706root 11241100x8000000000000000660643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e29e8e8c5d34ea72021-12-21 12:23:26.706root 11241100x8000000000000000660644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2ca510f202658c2021-12-21 12:23:26.707root 11241100x8000000000000000660645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff37068738315f12021-12-21 12:23:26.707root 11241100x8000000000000000660646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8055aa5354defeb2021-12-21 12:23:26.707root 11241100x8000000000000000660647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98179064f1a69b92021-12-21 12:23:26.707root 11241100x8000000000000000660648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bba1ca1aa99e662021-12-21 12:23:26.708root 11241100x8000000000000000660649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc0ad5c394ae3ed2021-12-21 12:23:26.708root 11241100x8000000000000000660650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e693ebe559c9e02021-12-21 12:23:26.708root 11241100x8000000000000000660651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015f702229f2b3042021-12-21 12:23:26.708root 11241100x8000000000000000660652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca85f4845aa2a532021-12-21 12:23:26.708root 11241100x8000000000000000660653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0f363ef14133d72021-12-21 12:23:26.709root 11241100x8000000000000000660654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7df57eadc0cb55c2021-12-21 12:23:26.709root 11241100x8000000000000000660655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a77e5119e9e33022021-12-21 12:23:26.709root 11241100x8000000000000000660656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969123fd531ae3562021-12-21 12:23:26.709root 11241100x8000000000000000660657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2848e21ec37a612021-12-21 12:23:26.709root 11241100x8000000000000000660658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311b43f7f1a09e842021-12-21 12:23:26.709root 11241100x8000000000000000660659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e556aac73b70c3e2021-12-21 12:23:26.710root 11241100x8000000000000000660660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ab0cd1e49bd6ff2021-12-21 12:23:26.710root 11241100x8000000000000000660661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac12f42da224f202021-12-21 12:23:26.710root 11241100x8000000000000000660662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7c97a9718614f02021-12-21 12:23:26.711root 11241100x8000000000000000660663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a019ad8baeede52021-12-21 12:23:26.711root 11241100x8000000000000000660664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db6ec1ca33e8dfb2021-12-21 12:23:26.711root 11241100x8000000000000000660665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7001f18e00cad52f2021-12-21 12:23:26.711root 11241100x8000000000000000660666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cfe93a216771ce2021-12-21 12:23:26.712root 11241100x8000000000000000660667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83291f7055eab3072021-12-21 12:23:26.712root 11241100x8000000000000000660668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4744e2e89a91962021-12-21 12:23:26.712root 11241100x8000000000000000660669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee763f7de64d9eb2021-12-21 12:23:26.712root 11241100x8000000000000000660670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5438d9043cd4e3ed2021-12-21 12:23:26.713root 11241100x8000000000000000660671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c9ab5c286fed262021-12-21 12:23:26.713root 11241100x8000000000000000660672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec72192bd48384f2021-12-21 12:23:26.713root 11241100x8000000000000000660673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eaf08f9f1c58892021-12-21 12:23:26.713root 11241100x8000000000000000660674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5476a70625e5d98d2021-12-21 12:23:26.713root 11241100x8000000000000000660675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3744357773d2bcb32021-12-21 12:23:26.713root 11241100x8000000000000000660676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abb1633364bffd12021-12-21 12:23:26.714root 11241100x8000000000000000660677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cf2715117cf25b2021-12-21 12:23:26.714root 11241100x8000000000000000660678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d064bc62f29072e2021-12-21 12:23:26.714root 11241100x8000000000000000660679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f68b5ad25a1e7e2021-12-21 12:23:26.714root 11241100x8000000000000000660680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99815cafd014eca22021-12-21 12:23:26.715root 11241100x8000000000000000660681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2036ba63c193672021-12-21 12:23:26.715root 11241100x8000000000000000660682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270be4f972f474762021-12-21 12:23:26.715root 11241100x8000000000000000660683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68739ffc2621bf532021-12-21 12:23:26.715root 11241100x8000000000000000660684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789798cb06953b322021-12-21 12:23:26.716root 11241100x8000000000000000660685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a3d49193be77972021-12-21 12:23:26.716root 11241100x8000000000000000660686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a528b3990c45ea32021-12-21 12:23:26.716root 11241100x8000000000000000660687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2172087dd0b8e38d2021-12-21 12:23:26.716root 11241100x8000000000000000660688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce1dcd5e853c3df2021-12-21 12:23:26.716root 11241100x8000000000000000660689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5992ce4c836ec1552021-12-21 12:23:26.716root 11241100x8000000000000000660690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa12d0722fef1872021-12-21 12:23:26.717root 11241100x8000000000000000660691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c162dcbfac1603f2021-12-21 12:23:26.717root 11241100x8000000000000000660692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8f7c871a397deb2021-12-21 12:23:26.717root 11241100x8000000000000000660693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f47349e326e9e22021-12-21 12:23:26.717root 11241100x8000000000000000660694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82395d9cd83f05742021-12-21 12:23:26.718root 11241100x8000000000000000660695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040f7c6301fad60c2021-12-21 12:23:26.718root 11241100x8000000000000000660696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035e1077dc82c7862021-12-21 12:23:26.718root 11241100x8000000000000000660697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423ebd3b8f8d41252021-12-21 12:23:26.718root 11241100x8000000000000000660698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162e3726f28759c52021-12-21 12:23:26.718root 11241100x8000000000000000660699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba30e2169892c76b2021-12-21 12:23:26.719root 11241100x8000000000000000660700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106a2276921d27c82021-12-21 12:23:26.719root 11241100x8000000000000000660701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd5b210d27f9b9e2021-12-21 12:23:26.719root 11241100x8000000000000000660702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af051d965541a5802021-12-21 12:23:26.719root 11241100x8000000000000000660703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07b05e053d936162021-12-21 12:23:26.719root 11241100x8000000000000000660704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37b7052d5e1c8262021-12-21 12:23:26.719root 11241100x8000000000000000660705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49a233d25fb05d12021-12-21 12:23:26.720root 11241100x8000000000000000660706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21334780778b2d4d2021-12-21 12:23:26.720root 11241100x8000000000000000660707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f3ad762bb949562021-12-21 12:23:26.720root 11241100x8000000000000000660708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264e74c0a582b7392021-12-21 12:23:26.720root 11241100x8000000000000000660709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069aad850377f5042021-12-21 12:23:26.720root 11241100x8000000000000000660710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673db05fccc1656e2021-12-21 12:23:26.721root 11241100x8000000000000000660711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d945a032a40871102021-12-21 12:23:26.721root 11241100x8000000000000000660712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e321474198edde32021-12-21 12:23:26.721root 11241100x8000000000000000660713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd49903cb108c8252021-12-21 12:23:26.721root 11241100x8000000000000000660714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e108d40ba5835a02021-12-21 12:23:26.721root 11241100x8000000000000000660715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bbeafbf6ddeebc2021-12-21 12:23:26.722root 11241100x8000000000000000660716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20afae4a7674a0c52021-12-21 12:23:26.722root 11241100x8000000000000000660717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf29de1e47bd5f82021-12-21 12:23:26.722root 11241100x8000000000000000660718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65432b23afd3fa0a2021-12-21 12:23:26.722root 11241100x8000000000000000660719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144411448e6390372021-12-21 12:23:26.722root 11241100x8000000000000000660720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4ff1f4acafd0f02021-12-21 12:23:26.723root 11241100x8000000000000000660721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd806626d50b136c2021-12-21 12:23:26.723root 11241100x8000000000000000660722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db61f15fea40c1fd2021-12-21 12:23:26.723root 11241100x8000000000000000660723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a949633cde04f1502021-12-21 12:23:26.723root 11241100x8000000000000000660724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd6c6a6c5ae4ed82021-12-21 12:23:26.723root 11241100x8000000000000000660725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25e6a7a9ad045fa2021-12-21 12:23:26.724root 11241100x8000000000000000660726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05187b411e3bea502021-12-21 12:23:26.724root 11241100x8000000000000000660727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554a4386938024e72021-12-21 12:23:26.724root 11241100x8000000000000000660728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62c8b473e2b66ae2021-12-21 12:23:26.724root 11241100x8000000000000000660729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3dc39cc0da25d202021-12-21 12:23:26.724root 11241100x8000000000000000660730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f5f42509d6221e2021-12-21 12:23:26.725root 11241100x8000000000000000660731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4578ec993850fc2021-12-21 12:23:26.725root 11241100x8000000000000000660732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6832183c1e2b1d202021-12-21 12:23:26.725root 11241100x8000000000000000660733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab5a1d4e8ad4a882021-12-21 12:23:26.725root 11241100x8000000000000000660734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ebc3c39f1b428a2021-12-21 12:23:26.726root 11241100x8000000000000000660735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec33f139eba161b02021-12-21 12:23:26.726root 11241100x8000000000000000660736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec006328b01e879e2021-12-21 12:23:26.726root 11241100x8000000000000000660737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e1f2970b5d72882021-12-21 12:23:26.726root 11241100x8000000000000000660738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f011cfb2977dc562021-12-21 12:23:26.726root 11241100x8000000000000000660739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa069b333c699652021-12-21 12:23:26.727root 11241100x8000000000000000660740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f326d589e058d62021-12-21 12:23:26.727root 11241100x8000000000000000660741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac72641d1f9a91112021-12-21 12:23:26.727root 11241100x8000000000000000660742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642b6b1b2c22dcab2021-12-21 12:23:26.727root 11241100x8000000000000000660743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd4d87c2b38899d2021-12-21 12:23:26.728root 11241100x8000000000000000660744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fc0a59207755352021-12-21 12:23:26.728root 11241100x8000000000000000660745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caef70a0692e5b642021-12-21 12:23:26.728root 11241100x8000000000000000660746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7640b7472f6a8bbf2021-12-21 12:23:26.728root 11241100x8000000000000000660747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3669400d4e8c9162021-12-21 12:23:26.728root 11241100x8000000000000000660748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b0d89ba4e643ce2021-12-21 12:23:26.728root 11241100x8000000000000000660749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfb4277c72964a72021-12-21 12:23:26.729root 11241100x8000000000000000660750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edfc2cd1db467762021-12-21 12:23:26.729root 11241100x8000000000000000660751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b513dc94683a942021-12-21 12:23:26.729root 11241100x8000000000000000660752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25c158f774cd5742021-12-21 12:23:26.729root 11241100x8000000000000000660753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c57853f59e45e22021-12-21 12:23:26.729root 11241100x8000000000000000660754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e12258b58b4c3fb2021-12-21 12:23:26.729root 11241100x8000000000000000660755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.729{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624a7c313bb7bb9d2021-12-21 12:23:26.729root 11241100x8000000000000000660756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa8a23f2f69205e2021-12-21 12:23:26.730root 11241100x8000000000000000660757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b788231f6a82f7c12021-12-21 12:23:26.730root 11241100x8000000000000000660758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f4faf38df6a48c2021-12-21 12:23:26.730root 11241100x8000000000000000660759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4971c47d6dc86e2021-12-21 12:23:26.730root 11241100x8000000000000000660760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.730{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb454c2a780956f2021-12-21 12:23:26.730root 11241100x8000000000000000660761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ff387b2fc471ed2021-12-21 12:23:26.731root 11241100x8000000000000000660762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0135fb658a6f262021-12-21 12:23:26.731root 11241100x8000000000000000660763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f47cf02e2681d7d2021-12-21 12:23:26.731root 11241100x8000000000000000660764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61161afdc2f58c2e2021-12-21 12:23:26.731root 11241100x8000000000000000660765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.731{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33383dff12a13cfd2021-12-21 12:23:26.731root 11241100x8000000000000000660766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668bac79ed4832b22021-12-21 12:23:26.732root 11241100x8000000000000000660767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa621a32cecb7b972021-12-21 12:23:26.732root 11241100x8000000000000000660768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc7df1d6f49809f2021-12-21 12:23:26.732root 11241100x8000000000000000660769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffda5abeda7a3ec2021-12-21 12:23:26.732root 11241100x8000000000000000660770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.732{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15537310d16d35542021-12-21 12:23:26.732root 11241100x8000000000000000660771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5f14203c5a30322021-12-21 12:23:26.733root 11241100x8000000000000000660772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ac27b2e9a8db3e2021-12-21 12:23:26.733root 11241100x8000000000000000660773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd034c56235eda82021-12-21 12:23:26.733root 11241100x8000000000000000660774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b292ae85e3ce0b52021-12-21 12:23:26.733root 11241100x8000000000000000660775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b52d67f7fb61b12021-12-21 12:23:26.733root 11241100x8000000000000000660776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3334737f83b0d32021-12-21 12:23:26.733root 11241100x8000000000000000660777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818ab02c4346af032021-12-21 12:23:26.733root 11241100x8000000000000000660778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1207a6b34a141b642021-12-21 12:23:26.733root 11241100x8000000000000000660779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c5eeaf7166d7a32021-12-21 12:23:26.733root 11241100x8000000000000000660780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc565b409a6136e2021-12-21 12:23:26.733root 11241100x8000000000000000660781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ad1537b892b5022021-12-21 12:23:26.733root 11241100x8000000000000000660782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.733{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b521d3f0bc0971802021-12-21 12:23:26.733root 11241100x8000000000000000660783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5110e797cccd7b2021-12-21 12:23:26.734root 11241100x8000000000000000660784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5599182bca74846c2021-12-21 12:23:26.734root 11241100x8000000000000000660785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41372f681da7a37c2021-12-21 12:23:26.734root 11241100x8000000000000000660786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc49df4f620f04c82021-12-21 12:23:26.734root 11241100x8000000000000000660787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb91d0efd6c89b72021-12-21 12:23:26.734root 11241100x8000000000000000660788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a20f8eb5ba0a4f2021-12-21 12:23:26.734root 11241100x8000000000000000660789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38f20ecfb3aaa552021-12-21 12:23:26.734root 11241100x8000000000000000660790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac97b94177089a92021-12-21 12:23:26.734root 11241100x8000000000000000660791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd4dcfe8354c8852021-12-21 12:23:26.734root 11241100x8000000000000000660792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b118f25865a7e42021-12-21 12:23:26.734root 11241100x8000000000000000660793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12de0be3611e42de2021-12-21 12:23:26.734root 11241100x8000000000000000660794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdb5c8fb57feade2021-12-21 12:23:26.734root 11241100x8000000000000000660795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d127458f96ee9c12021-12-21 12:23:26.734root 11241100x8000000000000000660796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a3620b17ede0e32021-12-21 12:23:26.734root 11241100x8000000000000000660797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.734{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18b3d5c6d65c1392021-12-21 12:23:26.734root 11241100x8000000000000000660798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371f3954ce5a8f472021-12-21 12:23:26.735root 11241100x8000000000000000660799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81a91ad3a5d4a0c2021-12-21 12:23:26.735root 11241100x8000000000000000660800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0295187c43274492021-12-21 12:23:26.735root 11241100x8000000000000000660801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3b4026155212e82021-12-21 12:23:26.735root 11241100x8000000000000000660802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58dac257ebb859a72021-12-21 12:23:26.735root 11241100x8000000000000000660803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c975a7312507ec372021-12-21 12:23:26.735root 11241100x8000000000000000660804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1e7beebae879c32021-12-21 12:23:26.735root 11241100x8000000000000000660805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1aa1786c5ca69b2021-12-21 12:23:26.735root 11241100x8000000000000000660806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86527af978f78e42021-12-21 12:23:26.735root 11241100x8000000000000000660807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.735{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbfd1f5a4244d002021-12-21 12:23:26.735root 11241100x8000000000000000660808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb9388553d85f662021-12-21 12:23:26.736root 11241100x8000000000000000660809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6451a18cb5c4fa2021-12-21 12:23:26.736root 11241100x8000000000000000660810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d274010c027243592021-12-21 12:23:26.736root 11241100x8000000000000000660811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a079efa33ef71d7c2021-12-21 12:23:26.736root 11241100x8000000000000000660812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef575a094bbe1f52021-12-21 12:23:26.736root 11241100x8000000000000000660813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed97cbb2397311e2021-12-21 12:23:26.736root 11241100x8000000000000000660814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c1ee3df7f31c502021-12-21 12:23:26.736root 11241100x8000000000000000660815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2745de58773c59062021-12-21 12:23:26.736root 11241100x8000000000000000660816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f422b5064e6158482021-12-21 12:23:26.736root 11241100x8000000000000000660817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b65f9da970fffa2021-12-21 12:23:26.736root 11241100x8000000000000000660818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04146421d7a6cec32021-12-21 12:23:26.736root 11241100x8000000000000000660819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.736{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227ac77db7dc1f912021-12-21 12:23:26.736root 11241100x8000000000000000660820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221cc8f6c17ea7cc2021-12-21 12:23:26.737root 11241100x8000000000000000660821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ad0ea69f056bd72021-12-21 12:23:26.737root 11241100x8000000000000000660822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee20b18413562022021-12-21 12:23:26.737root 11241100x8000000000000000660823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67613e15d85f152b2021-12-21 12:23:26.737root 11241100x8000000000000000660824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bc2ba70d4bce5a2021-12-21 12:23:26.737root 11241100x8000000000000000660825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba3fa0cbf5e95f92021-12-21 12:23:26.737root 11241100x8000000000000000660826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1e93a78dda9cfc2021-12-21 12:23:26.737root 11241100x8000000000000000660827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3400f815287c262021-12-21 12:23:26.737root 11241100x8000000000000000660828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fca53ad4912c5a2021-12-21 12:23:26.737root 11241100x8000000000000000660829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162e6529de1767b32021-12-21 12:23:26.737root 11241100x8000000000000000660830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89818954b78b74a02021-12-21 12:23:26.737root 11241100x8000000000000000660831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e50bbfee612f1dc2021-12-21 12:23:26.737root 11241100x8000000000000000660832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.737{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6498827fc99a23e52021-12-21 12:23:26.737root 11241100x8000000000000000660833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c43615962db5342021-12-21 12:23:26.738root 11241100x8000000000000000660834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b50ad54e03e42042021-12-21 12:23:26.738root 11241100x8000000000000000660835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bc5935e5035c102021-12-21 12:23:26.738root 11241100x8000000000000000660836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:26.738{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2288fc3f615b32032021-12-21 12:23:26.738root 11241100x8000000000000000660837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075f1e1ec421b5ab2021-12-21 12:23:27.193root 11241100x8000000000000000660838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c837a4fd6a343fbe2021-12-21 12:23:27.193root 11241100x8000000000000000660839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4f414610623adc2021-12-21 12:23:27.193root 11241100x8000000000000000660840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7354acf0095ad762021-12-21 12:23:27.193root 11241100x8000000000000000660841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f43327cb0c9ed3e2021-12-21 12:23:27.193root 11241100x8000000000000000660842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898c2b608091f5442021-12-21 12:23:27.193root 11241100x8000000000000000660843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecee5326e39408242021-12-21 12:23:27.193root 11241100x8000000000000000660844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d439fa38e730fba2021-12-21 12:23:27.193root 11241100x8000000000000000660845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb133686b3e76b342021-12-21 12:23:27.193root 11241100x8000000000000000660846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0937149e04bcad2021-12-21 12:23:27.193root 11241100x8000000000000000660847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1120878af37ad49e2021-12-21 12:23:27.193root 11241100x8000000000000000660848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ec28eb22a51c6f2021-12-21 12:23:27.193root 11241100x8000000000000000660849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556fef6802309b9e2021-12-21 12:23:27.194root 11241100x8000000000000000660850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b68a6ab36c37fca2021-12-21 12:23:27.194root 11241100x8000000000000000660851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604279055447b9e42021-12-21 12:23:27.194root 11241100x8000000000000000660852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9eba0447085b3b2021-12-21 12:23:27.194root 11241100x8000000000000000660853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be38a6cb6301f1552021-12-21 12:23:27.194root 11241100x8000000000000000660854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa99a21c69d5cfb2021-12-21 12:23:27.194root 11241100x8000000000000000660855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933c7f8da217fc442021-12-21 12:23:27.194root 11241100x8000000000000000660856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9b134aed66c9f72021-12-21 12:23:27.194root 11241100x8000000000000000660857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86671ab52b69f7c12021-12-21 12:23:27.194root 11241100x8000000000000000660858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc026ba8e71df05c2021-12-21 12:23:27.194root 11241100x8000000000000000660859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ebcec00bd906512021-12-21 12:23:27.194root 11241100x8000000000000000660860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097c8ca06a1952022021-12-21 12:23:27.195root 11241100x8000000000000000660861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a790ca472ec6d102021-12-21 12:23:27.195root 11241100x8000000000000000660862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25959e25a6cbb88a2021-12-21 12:23:27.195root 11241100x8000000000000000660863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4461a888ad10f0172021-12-21 12:23:27.195root 11241100x8000000000000000660864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0857b5c34bea402021-12-21 12:23:27.195root 11241100x8000000000000000660865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff038110659113e2021-12-21 12:23:27.195root 11241100x8000000000000000660866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47560279bec69aa82021-12-21 12:23:27.195root 11241100x8000000000000000660867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bab09ce9537fb52021-12-21 12:23:27.195root 11241100x8000000000000000660868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca88ef2716e72582021-12-21 12:23:27.195root 11241100x8000000000000000660869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0839335275fc05c52021-12-21 12:23:27.196root 11241100x8000000000000000660870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed57696c77c538422021-12-21 12:23:27.196root 11241100x8000000000000000660871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d83028ff8362732021-12-21 12:23:27.196root 11241100x8000000000000000660872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83a1b36adfee34a2021-12-21 12:23:27.196root 11241100x8000000000000000660873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3c8361e67cb7e92021-12-21 12:23:27.196root 11241100x8000000000000000660874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8250cb3300016f662021-12-21 12:23:27.196root 11241100x8000000000000000660875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4adad93b7c170b2021-12-21 12:23:27.196root 11241100x8000000000000000660876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721d39d414fe9e392021-12-21 12:23:27.196root 11241100x8000000000000000660877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f736214a72ea7a122021-12-21 12:23:27.196root 11241100x8000000000000000660878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b04eb9893e1e9d22021-12-21 12:23:27.196root 11241100x8000000000000000660879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dcc12ff0012d792021-12-21 12:23:27.197root 11241100x8000000000000000660880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64a49e81b8b2bb42021-12-21 12:23:27.197root 11241100x8000000000000000660881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66175d8b54282d02021-12-21 12:23:27.197root 11241100x8000000000000000660882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164f41efbc96272f2021-12-21 12:23:27.197root 11241100x8000000000000000660883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be82948f45b3ff652021-12-21 12:23:27.197root 11241100x8000000000000000660884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba59348f6e1aae772021-12-21 12:23:27.197root 11241100x8000000000000000660885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8232825caf31ecf22021-12-21 12:23:27.197root 11241100x8000000000000000660886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70de5a0b8ce720f22021-12-21 12:23:27.197root 11241100x8000000000000000660887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d10cc6a6d4a9a3a2021-12-21 12:23:27.198root 11241100x8000000000000000660888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0e32b52ce41ade2021-12-21 12:23:27.198root 11241100x8000000000000000660889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca16ec40608dbda2021-12-21 12:23:27.199root 11241100x8000000000000000660890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5c70c8284ac6dd2021-12-21 12:23:27.199root 11241100x8000000000000000660891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1b3a754e039ef42021-12-21 12:23:27.199root 11241100x8000000000000000660892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8571c99c6bc439512021-12-21 12:23:27.199root 11241100x8000000000000000660893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c919389041226332021-12-21 12:23:27.199root 11241100x8000000000000000660894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b22d0f8eb632c662021-12-21 12:23:27.200root 11241100x8000000000000000660895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e19d8b3b2fba7a82021-12-21 12:23:27.200root 11241100x8000000000000000660896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b428cd9032b305862021-12-21 12:23:27.200root 11241100x8000000000000000660897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175492e0135b607a2021-12-21 12:23:27.200root 11241100x8000000000000000660898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da204d10a28650e12021-12-21 12:23:27.200root 11241100x8000000000000000660899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4667402134c275d2021-12-21 12:23:27.200root 11241100x8000000000000000660900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eec9910b45868682021-12-21 12:23:27.200root 11241100x8000000000000000660901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d6e5c187b9f3532021-12-21 12:23:27.200root 11241100x8000000000000000660902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d027053339e80a2021-12-21 12:23:27.200root 11241100x8000000000000000660903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd593a8282721112021-12-21 12:23:27.200root 11241100x8000000000000000660904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f65ace4443f16352021-12-21 12:23:27.201root 11241100x8000000000000000660905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7fd11db3d292072021-12-21 12:23:27.201root 11241100x8000000000000000660906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace7c853edf67a112021-12-21 12:23:27.201root 11241100x8000000000000000660907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0af1e71f8454e62021-12-21 12:23:27.201root 11241100x8000000000000000660908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ee74781f3d27a62021-12-21 12:23:27.201root 11241100x8000000000000000660909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5235f19ba63e89d2021-12-21 12:23:27.201root 11241100x8000000000000000660910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65027fa5c8583db52021-12-21 12:23:27.201root 11241100x8000000000000000660911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b439b4d78d6c2042021-12-21 12:23:27.201root 11241100x8000000000000000660912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb32862ac2e887f2021-12-21 12:23:27.201root 11241100x8000000000000000660913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1321e9275498d7432021-12-21 12:23:27.201root 11241100x8000000000000000660914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ab1798ced35c202021-12-21 12:23:27.202root 11241100x8000000000000000660915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe32954def08e7cf2021-12-21 12:23:27.202root 11241100x8000000000000000660916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54190398b4348baf2021-12-21 12:23:27.202root 11241100x8000000000000000660917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae8c1d1e50abc3c2021-12-21 12:23:27.202root 11241100x8000000000000000660918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ea6bd1f7a37e692021-12-21 12:23:27.202root 11241100x8000000000000000660919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a8fcbed45dc3e92021-12-21 12:23:27.202root 11241100x8000000000000000660920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1781f82d7f7891f2021-12-21 12:23:27.202root 11241100x8000000000000000660921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5478a4e3047d3882021-12-21 12:23:27.202root 11241100x8000000000000000660922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7524acc35bc6cbab2021-12-21 12:23:27.203root 11241100x8000000000000000660923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe3f973c45b84a52021-12-21 12:23:27.203root 11241100x8000000000000000660924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504e61b46f4c39622021-12-21 12:23:27.203root 11241100x8000000000000000660925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f538fc5f55f77242021-12-21 12:23:27.203root 11241100x8000000000000000660926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209b8e675c41c8482021-12-21 12:23:27.203root 11241100x8000000000000000660927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fafc976d6767cc2021-12-21 12:23:27.204root 11241100x8000000000000000660928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6752e47679e6b0962021-12-21 12:23:27.204root 11241100x8000000000000000660929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d56234fab1c39692021-12-21 12:23:27.204root 11241100x8000000000000000660930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c31e8478ae78a12021-12-21 12:23:27.204root 11241100x8000000000000000660931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffebadcba9212b162021-12-21 12:23:27.204root 11241100x8000000000000000660932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572cfe5585797c9c2021-12-21 12:23:27.205root 11241100x8000000000000000660933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5a3d51f5a4c6e12021-12-21 12:23:27.206root 11241100x8000000000000000660934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63848c54d5502d9d2021-12-21 12:23:27.206root 11241100x8000000000000000660935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805b7f3bc0e5f2e62021-12-21 12:23:27.206root 11241100x8000000000000000660936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4b20704fb959922021-12-21 12:23:27.206root 11241100x8000000000000000660937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3d8bffbc8338562021-12-21 12:23:27.206root 11241100x8000000000000000660938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beaa63d7eedfda7f2021-12-21 12:23:27.206root 11241100x8000000000000000660939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee5c045bd4230632021-12-21 12:23:27.207root 11241100x8000000000000000660940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e787b8fb5ab5522021-12-21 12:23:27.207root 11241100x8000000000000000660941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a502a50f2b603c12021-12-21 12:23:27.207root 11241100x8000000000000000660942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcad2a9676ec6452021-12-21 12:23:27.207root 11241100x8000000000000000660943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b1d336962fee322021-12-21 12:23:27.207root 11241100x8000000000000000660944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfee91a43499ed472021-12-21 12:23:27.207root 11241100x8000000000000000660945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b679a7e0d17c1c2b2021-12-21 12:23:27.207root 11241100x8000000000000000660946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e5fff9aefab8682021-12-21 12:23:27.207root 11241100x8000000000000000660947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efdee470cbed9bb2021-12-21 12:23:27.207root 11241100x8000000000000000660948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d7aa40ff018f392021-12-21 12:23:27.207root 11241100x8000000000000000660949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e1bf7b8cf91ed32021-12-21 12:23:27.207root 11241100x8000000000000000660950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ff3c4c5ef8abce2021-12-21 12:23:27.208root 11241100x8000000000000000660951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcab2efeb205e072021-12-21 12:23:27.208root 11241100x8000000000000000660952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412462139a07cfad2021-12-21 12:23:27.208root 11241100x8000000000000000660953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69b823b5eb5379b2021-12-21 12:23:27.208root 11241100x8000000000000000660954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3234c68b0f09ac742021-12-21 12:23:27.208root 11241100x8000000000000000660955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8fb5e84fedac302021-12-21 12:23:27.208root 11241100x8000000000000000660956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bdb6093b8fec5b2021-12-21 12:23:27.208root 11241100x8000000000000000660957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e193cce3bf7d9442021-12-21 12:23:27.208root 11241100x8000000000000000660958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4eb46647e951542021-12-21 12:23:27.209root 11241100x8000000000000000660959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4feca220aa54bb822021-12-21 12:23:27.209root 11241100x8000000000000000660960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663416bcefddaa952021-12-21 12:23:27.209root 11241100x8000000000000000660961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3333ef9ad5387c2021-12-21 12:23:27.209root 11241100x8000000000000000660962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3b57bf2c0ff4772021-12-21 12:23:27.209root 11241100x8000000000000000660963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c08e9da6b0a1ea2021-12-21 12:23:27.209root 11241100x8000000000000000660964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8602d9dbd64e6c2021-12-21 12:23:27.209root 11241100x8000000000000000660965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088068f23d7d9a032021-12-21 12:23:27.209root 11241100x8000000000000000660966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfb4aea77aba58c2021-12-21 12:23:27.209root 11241100x8000000000000000660967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb80e4c6b24e8832021-12-21 12:23:27.209root 11241100x8000000000000000660968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92531c1eeb0f5d582021-12-21 12:23:27.209root 11241100x8000000000000000660969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5242aba8d9875d612021-12-21 12:23:27.209root 11241100x8000000000000000660970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cc273093ed34a62021-12-21 12:23:27.210root 11241100x8000000000000000660971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76310c73751af2e32021-12-21 12:23:27.693root 11241100x8000000000000000660972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523a9e33571ea8772021-12-21 12:23:27.693root 11241100x8000000000000000660973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b28088465986592021-12-21 12:23:27.693root 11241100x8000000000000000660974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757c0088cf23bfac2021-12-21 12:23:27.693root 11241100x8000000000000000660975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54839d88d3c0a7e2021-12-21 12:23:27.693root 11241100x8000000000000000660976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f658a0741222e11f2021-12-21 12:23:27.693root 11241100x8000000000000000660977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fb74a591bda6d82021-12-21 12:23:27.693root 11241100x8000000000000000660978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd3e681cdc992822021-12-21 12:23:27.693root 11241100x8000000000000000660979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bd58006346799b2021-12-21 12:23:27.693root 11241100x8000000000000000660980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a28775d4f5ea2562021-12-21 12:23:27.693root 11241100x8000000000000000660981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd1892e09826c9f2021-12-21 12:23:27.693root 11241100x8000000000000000660982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91574c35f2b71dd2021-12-21 12:23:27.693root 11241100x8000000000000000660983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c054a65863870a5a2021-12-21 12:23:27.694root 11241100x8000000000000000660984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204b370ff51652942021-12-21 12:23:27.694root 11241100x8000000000000000660985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc775883afd6ae802021-12-21 12:23:27.694root 11241100x8000000000000000660986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b3813eb972b9ce2021-12-21 12:23:27.694root 11241100x8000000000000000660987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f747825676465f02021-12-21 12:23:27.694root 11241100x8000000000000000660988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6725e0d9618e449c2021-12-21 12:23:27.694root 11241100x8000000000000000660989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21daa3fc9043aaa82021-12-21 12:23:27.694root 11241100x8000000000000000660990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff96ab32488872e2021-12-21 12:23:27.694root 11241100x8000000000000000660991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262d74e95bff642e2021-12-21 12:23:27.694root 11241100x8000000000000000660992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b66bdd97091cf552021-12-21 12:23:27.694root 11241100x8000000000000000660993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0ba3baf1f243402021-12-21 12:23:27.694root 11241100x8000000000000000660994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5bc2cf51a7d51c2021-12-21 12:23:27.694root 11241100x8000000000000000660995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ae30f3f3b3b1b32021-12-21 12:23:27.694root 11241100x8000000000000000660996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1ed2d90ff4ea462021-12-21 12:23:27.694root 11241100x8000000000000000660997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3cb8d19451aa1a2021-12-21 12:23:27.694root 11241100x8000000000000000660998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e116e322316f5f2021-12-21 12:23:27.694root 11241100x8000000000000000660999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f934de6f179d6d1e2021-12-21 12:23:27.695root 11241100x8000000000000000661000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674df3df0d8720282021-12-21 12:23:27.695root 11241100x8000000000000000661001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc49b56609d023102021-12-21 12:23:27.695root 11241100x8000000000000000661002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d7eb8f66374cb02021-12-21 12:23:27.695root 11241100x8000000000000000661003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e13e0c6eb2e3a62021-12-21 12:23:27.695root 11241100x8000000000000000661004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b119103eea28a402021-12-21 12:23:27.695root 11241100x8000000000000000661005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6485ad59c73253722021-12-21 12:23:27.695root 11241100x8000000000000000661006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7c2ff099bd1f752021-12-21 12:23:27.695root 11241100x8000000000000000661007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c1de14f2cd38152021-12-21 12:23:27.695root 11241100x8000000000000000661008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989fda544015bf302021-12-21 12:23:27.695root 11241100x8000000000000000661009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1f922c1f6013ae2021-12-21 12:23:27.695root 11241100x8000000000000000661010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb527c38564feb392021-12-21 12:23:27.695root 11241100x8000000000000000661011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469a6518bb0a647e2021-12-21 12:23:27.696root 11241100x8000000000000000661012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e8a2cb9700200f2021-12-21 12:23:27.696root 11241100x8000000000000000661013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0627e9ac609b3a12021-12-21 12:23:27.696root 11241100x8000000000000000661014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5a5b4f31fa39392021-12-21 12:23:27.696root 11241100x8000000000000000661015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c179068adbd8d13e2021-12-21 12:23:27.696root 11241100x8000000000000000661016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a259d891e98e8b592021-12-21 12:23:27.696root 11241100x8000000000000000661017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece915046517f8312021-12-21 12:23:27.696root 11241100x8000000000000000661018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69803a0ec0f54f742021-12-21 12:23:27.696root 11241100x8000000000000000661019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d2134e89b1d4052021-12-21 12:23:27.696root 11241100x8000000000000000661020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba932f555eda0fb42021-12-21 12:23:27.696root 11241100x8000000000000000661021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087ece559720a0102021-12-21 12:23:27.697root 11241100x8000000000000000661022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465089b84d5191282021-12-21 12:23:27.697root 11241100x8000000000000000661023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf2369865e36ae62021-12-21 12:23:27.697root 11241100x8000000000000000661024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddb17aba03eca1c2021-12-21 12:23:27.697root 11241100x8000000000000000661025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e49da252c9d27a2021-12-21 12:23:27.697root 11241100x8000000000000000661026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d476a43f383b6ed2021-12-21 12:23:27.697root 11241100x8000000000000000661027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e331f324d9fee52021-12-21 12:23:27.697root 11241100x8000000000000000661028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb89627c591c5ba02021-12-21 12:23:27.697root 11241100x8000000000000000661029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb60e735294eb5d2021-12-21 12:23:27.697root 11241100x8000000000000000661030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a018fd89167c542021-12-21 12:23:27.697root 11241100x8000000000000000661031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a51d9ba8515a322021-12-21 12:23:27.697root 11241100x8000000000000000661032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8f3d7438b036b52021-12-21 12:23:27.698root 11241100x8000000000000000661033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd838bc76d63e0e2021-12-21 12:23:27.698root 11241100x8000000000000000661034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d23b8b514862f22021-12-21 12:23:27.698root 11241100x8000000000000000661035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6fd3f5dccd15e12021-12-21 12:23:27.698root 11241100x8000000000000000661036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e83d942d239e812021-12-21 12:23:27.698root 11241100x8000000000000000661037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65abe19f9ede9ee62021-12-21 12:23:27.698root 11241100x8000000000000000661038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddff6e12efabc8b42021-12-21 12:23:27.698root 11241100x8000000000000000661039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d680440ce8abe1972021-12-21 12:23:27.698root 11241100x8000000000000000661040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68de13ff54c19cc22021-12-21 12:23:27.699root 11241100x8000000000000000661041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5667f2237863fc182021-12-21 12:23:27.699root 11241100x8000000000000000661042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02180896212eeeb72021-12-21 12:23:27.699root 11241100x8000000000000000661043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63aa2878a16bb7a92021-12-21 12:23:27.699root 11241100x8000000000000000661044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45073dacb77032a2021-12-21 12:23:27.699root 11241100x8000000000000000661045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a373da452063b362021-12-21 12:23:27.699root 11241100x8000000000000000661046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:27.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a82b38f2624e2732021-12-21 12:23:27.699root 11241100x8000000000000000661047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d0af2786c5f2472021-12-21 12:23:28.193root 11241100x8000000000000000661048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e392e056e50028e2021-12-21 12:23:28.193root 11241100x8000000000000000661049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59023174db6f5762021-12-21 12:23:28.193root 11241100x8000000000000000661050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f1dce8e37cadc12021-12-21 12:23:28.193root 11241100x8000000000000000661051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbe3b918dd272182021-12-21 12:23:28.194root 11241100x8000000000000000661052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ba246fb57f2bb42021-12-21 12:23:28.194root 11241100x8000000000000000661053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d815b9fad690a8042021-12-21 12:23:28.194root 11241100x8000000000000000661054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7caccc2b5f814f0f2021-12-21 12:23:28.194root 11241100x8000000000000000661055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f7c1867d784cda2021-12-21 12:23:28.194root 11241100x8000000000000000661056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a1261f38e154de2021-12-21 12:23:28.194root 11241100x8000000000000000661057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9924759c5642c4612021-12-21 12:23:28.194root 11241100x8000000000000000661058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa3b92c2c42436b2021-12-21 12:23:28.195root 11241100x8000000000000000661059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdc02f10f3787b12021-12-21 12:23:28.195root 11241100x8000000000000000661060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5695b14c85b2d52021-12-21 12:23:28.195root 11241100x8000000000000000661061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874d7a3db64145ef2021-12-21 12:23:28.195root 11241100x8000000000000000661062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335604bafb12d39f2021-12-21 12:23:28.195root 11241100x8000000000000000661063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32db77eb291df4a12021-12-21 12:23:28.195root 11241100x8000000000000000661064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0aa6bc49167e12e2021-12-21 12:23:28.195root 11241100x8000000000000000661065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b567229c11972ca22021-12-21 12:23:28.195root 11241100x8000000000000000661066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988814ee180e3aaf2021-12-21 12:23:28.196root 11241100x8000000000000000661067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771117e986ba27be2021-12-21 12:23:28.196root 11241100x8000000000000000661068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271236a2b42ee13b2021-12-21 12:23:28.196root 11241100x8000000000000000661069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a48773ff97d59f62021-12-21 12:23:28.196root 11241100x8000000000000000661070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f15a84c88ec0192021-12-21 12:23:28.196root 11241100x8000000000000000661071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4c8ec0f101c75f2021-12-21 12:23:28.196root 11241100x8000000000000000661072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839734467294aa4c2021-12-21 12:23:28.196root 11241100x8000000000000000661073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f547153ce3cd62e82021-12-21 12:23:28.196root 11241100x8000000000000000661074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6154f360963e37942021-12-21 12:23:28.197root 11241100x8000000000000000661075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778ebd6a46fceff72021-12-21 12:23:28.197root 11241100x8000000000000000661076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edfd32c972a7bf62021-12-21 12:23:28.197root 11241100x8000000000000000661077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194ff3c7d8c611092021-12-21 12:23:28.197root 11241100x8000000000000000661078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a7aa1ed5a508972021-12-21 12:23:28.197root 11241100x8000000000000000661079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0e958a835553b22021-12-21 12:23:28.197root 11241100x8000000000000000661080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae09fcd9f34075f2021-12-21 12:23:28.197root 11241100x8000000000000000661081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceec348f780c5e222021-12-21 12:23:28.198root 11241100x8000000000000000661082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1a6995921f80552021-12-21 12:23:28.198root 11241100x8000000000000000661083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ff9f17de2694032021-12-21 12:23:28.198root 11241100x8000000000000000661084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8951c79d577c812021-12-21 12:23:28.198root 11241100x8000000000000000661085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2737aadec1a04f2021-12-21 12:23:28.198root 11241100x8000000000000000661086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87aab80b2392c2bd2021-12-21 12:23:28.199root 11241100x8000000000000000661087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8562e82a8b260ebd2021-12-21 12:23:28.199root 11241100x8000000000000000661088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fca8a8ed4cdeae82021-12-21 12:23:28.199root 11241100x8000000000000000661089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cc944e6fdd7f972021-12-21 12:23:28.199root 11241100x8000000000000000661090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58be7b8613f0f9432021-12-21 12:23:28.199root 11241100x8000000000000000661091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5793da88c9d4fbe2021-12-21 12:23:28.199root 11241100x8000000000000000661092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e2b9581553a2b52021-12-21 12:23:28.200root 11241100x8000000000000000661093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33fa68b5466c6982021-12-21 12:23:28.200root 11241100x8000000000000000661094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f942675b7533032021-12-21 12:23:28.200root 11241100x8000000000000000661095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf5992c99e5f58a2021-12-21 12:23:28.200root 11241100x8000000000000000661096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d54267000fb55d2021-12-21 12:23:28.200root 11241100x8000000000000000661097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9c89ef745ddbe52021-12-21 12:23:28.200root 11241100x8000000000000000661098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d8b7b4fce02d6e2021-12-21 12:23:28.200root 11241100x8000000000000000661099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6d60ff809885332021-12-21 12:23:28.200root 11241100x8000000000000000661100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d0ffbec6c6e9d42021-12-21 12:23:28.200root 11241100x8000000000000000661101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefc72eefab4d80e2021-12-21 12:23:28.201root 11241100x8000000000000000661102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c66a8e368fa8512021-12-21 12:23:28.201root 11241100x8000000000000000661103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea61ca379a8562662021-12-21 12:23:28.201root 11241100x8000000000000000661104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbd55039aed9a522021-12-21 12:23:28.201root 11241100x8000000000000000661105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4c549aaceaede82021-12-21 12:23:28.201root 11241100x8000000000000000661106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4652f0a81e241c2021-12-21 12:23:28.201root 11241100x8000000000000000661107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72ac68dad94be852021-12-21 12:23:28.201root 11241100x8000000000000000661108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3f079fc7c12bfd2021-12-21 12:23:28.201root 11241100x8000000000000000661109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bd30b5b4b245e02021-12-21 12:23:28.201root 11241100x8000000000000000661110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778eba56516a5c6f2021-12-21 12:23:28.202root 11241100x8000000000000000661111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77df84666fb474502021-12-21 12:23:28.202root 11241100x8000000000000000661112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810edde0e7ca71122021-12-21 12:23:28.202root 11241100x8000000000000000661113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd53946f8e8b25922021-12-21 12:23:28.202root 11241100x8000000000000000661114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba07030c7f155092021-12-21 12:23:28.202root 11241100x8000000000000000661115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3f4da82d730b442021-12-21 12:23:28.202root 11241100x8000000000000000661116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90969ded513863222021-12-21 12:23:28.202root 11241100x8000000000000000661117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1c006c0ecdbd252021-12-21 12:23:28.203root 11241100x8000000000000000661118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a923eef4191114e2021-12-21 12:23:28.203root 11241100x8000000000000000661119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a783faec2bfd28a2021-12-21 12:23:28.203root 11241100x8000000000000000661120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761f59f0e9403f122021-12-21 12:23:28.203root 11241100x8000000000000000661121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f24c6a0c190d8ac2021-12-21 12:23:28.203root 11241100x8000000000000000661122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9914dd654645dd42021-12-21 12:23:28.203root 11241100x8000000000000000661123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7675be6ee4c4d7a32021-12-21 12:23:28.203root 11241100x8000000000000000661124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b76432dd792d8152021-12-21 12:23:28.204root 11241100x8000000000000000661125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4bcc918e6fe1772021-12-21 12:23:28.694root 11241100x8000000000000000661126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d293f68a8ac8f12021-12-21 12:23:28.694root 11241100x8000000000000000661127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe787ec93e3b731c2021-12-21 12:23:28.696root 11241100x8000000000000000661128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436f623179e51fa22021-12-21 12:23:28.696root 11241100x8000000000000000661129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69ff1635a248f312021-12-21 12:23:28.697root 11241100x8000000000000000661130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d1cbdbdbba99162021-12-21 12:23:28.697root 11241100x8000000000000000661131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa4fe2e93103e082021-12-21 12:23:28.697root 11241100x8000000000000000661132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8bc2a1279305d42021-12-21 12:23:28.698root 11241100x8000000000000000661133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25af5291a11208f2021-12-21 12:23:28.698root 11241100x8000000000000000661134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b3b18540bee6382021-12-21 12:23:28.699root 11241100x8000000000000000661135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dffaae593c846fb2021-12-21 12:23:28.700root 11241100x8000000000000000661136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea78b00fe04e7382021-12-21 12:23:28.700root 11241100x8000000000000000661137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5489fb2c58db8422021-12-21 12:23:28.700root 11241100x8000000000000000661138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205e2f31d810905a2021-12-21 12:23:28.701root 11241100x8000000000000000661139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ee754b04a546c72021-12-21 12:23:28.701root 11241100x8000000000000000661140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c67e5337ac9fff2021-12-21 12:23:28.701root 11241100x8000000000000000661141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ce004427a279b12021-12-21 12:23:28.701root 11241100x8000000000000000661142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c363b9a2c15ea812021-12-21 12:23:28.701root 11241100x8000000000000000661143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601c9d5da60301902021-12-21 12:23:28.701root 11241100x8000000000000000661144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387565557f3098342021-12-21 12:23:28.701root 11241100x8000000000000000661145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d9e1bbd6dfc2a52021-12-21 12:23:28.701root 11241100x8000000000000000661146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231f138fc3871b702021-12-21 12:23:28.701root 11241100x8000000000000000661147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e809cfe8ef058aed2021-12-21 12:23:28.702root 11241100x8000000000000000661148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ad3fdf715e0b3b2021-12-21 12:23:28.702root 11241100x8000000000000000661149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f59721181e0b842021-12-21 12:23:28.702root 11241100x8000000000000000661150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36b50d5627419102021-12-21 12:23:28.702root 11241100x8000000000000000661151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24facec1622b0cfb2021-12-21 12:23:28.702root 11241100x8000000000000000661152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a82a34af91f3a42021-12-21 12:23:28.702root 11241100x8000000000000000661153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91e53b1ccdd37492021-12-21 12:23:28.702root 11241100x8000000000000000661154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccbf2124ed1fc162021-12-21 12:23:28.702root 11241100x8000000000000000661155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef881ea5cdbbb6b2021-12-21 12:23:28.703root 11241100x8000000000000000661156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1568961e938c34c02021-12-21 12:23:28.703root 11241100x8000000000000000661157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb077c82d2b69a72021-12-21 12:23:28.703root 11241100x8000000000000000661158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad566560dbfb59e2021-12-21 12:23:28.703root 11241100x8000000000000000661159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcf1310ae43ae1e2021-12-21 12:23:28.703root 11241100x8000000000000000661160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370fed0b7e6d4b422021-12-21 12:23:28.703root 11241100x8000000000000000661161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7ed701ae3dad622021-12-21 12:23:28.703root 11241100x8000000000000000661162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa0383dda8f08bf2021-12-21 12:23:28.703root 11241100x8000000000000000661163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641697ce627eaeb32021-12-21 12:23:28.703root 11241100x8000000000000000661164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8a94729b4121ea2021-12-21 12:23:28.703root 11241100x8000000000000000661165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446eb827ab4042662021-12-21 12:23:28.703root 11241100x8000000000000000661166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a21a18f4a940022021-12-21 12:23:28.703root 11241100x8000000000000000661167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6762fb0d935ab1d22021-12-21 12:23:28.703root 11241100x8000000000000000661168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745bf390c8b5547b2021-12-21 12:23:28.703root 11241100x8000000000000000661169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfd837e59ff0eee2021-12-21 12:23:28.704root 11241100x8000000000000000661170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9432b7fed1e330172021-12-21 12:23:28.704root 11241100x8000000000000000661171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b496fa1359ab53532021-12-21 12:23:28.704root 11241100x8000000000000000661172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea837695cf075dca2021-12-21 12:23:28.704root 11241100x8000000000000000661173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46829d12793989432021-12-21 12:23:28.704root 11241100x8000000000000000661174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be74a09c26e1ab6a2021-12-21 12:23:28.704root 11241100x8000000000000000661175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fd08f0a9f8ed352021-12-21 12:23:28.704root 11241100x8000000000000000661176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f82bdb2fb214e362021-12-21 12:23:28.704root 11241100x8000000000000000661177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c18b6f6dd4e7002021-12-21 12:23:28.704root 11241100x8000000000000000661178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1879f9985f806b9e2021-12-21 12:23:28.704root 11241100x8000000000000000661179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec64e575ff63da12021-12-21 12:23:28.704root 11241100x8000000000000000661180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dadc913f2558442021-12-21 12:23:28.704root 11241100x8000000000000000661181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c2c6cb6094f9c62021-12-21 12:23:28.704root 11241100x8000000000000000661182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f9aa45a9edd7ef2021-12-21 12:23:28.704root 11241100x8000000000000000661183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b176027b95f6d82021-12-21 12:23:28.704root 11241100x8000000000000000661184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf78c20329a82072021-12-21 12:23:28.704root 11241100x8000000000000000661185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e10aaf585f2f0e2021-12-21 12:23:28.705root 11241100x8000000000000000661186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1538cacb695677e42021-12-21 12:23:28.705root 11241100x8000000000000000661187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3977ad7f9e07e62021-12-21 12:23:28.705root 11241100x8000000000000000661188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7a696367112e192021-12-21 12:23:28.705root 11241100x8000000000000000661189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7660feb27b72749e2021-12-21 12:23:28.705root 11241100x8000000000000000661190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851245e4b4c2cb6c2021-12-21 12:23:28.705root 11241100x8000000000000000661191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c8c254944ec5402021-12-21 12:23:28.705root 11241100x8000000000000000661192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7644e85f96711aef2021-12-21 12:23:28.705root 11241100x8000000000000000661193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2417956ced6f65d2021-12-21 12:23:28.705root 11241100x8000000000000000661194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832bb811aa9d53f32021-12-21 12:23:28.705root 11241100x8000000000000000661195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a04f40ba599a872021-12-21 12:23:28.705root 11241100x8000000000000000661196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c501fe0290a7cd2021-12-21 12:23:28.705root 11241100x8000000000000000661197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74fdaa7cf09431f2021-12-21 12:23:28.705root 11241100x8000000000000000661198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f2c4a7b92b61412021-12-21 12:23:28.705root 11241100x8000000000000000661199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1483df923a06b652021-12-21 12:23:28.705root 11241100x8000000000000000661200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f99d8e4d200852f2021-12-21 12:23:28.705root 11241100x8000000000000000661201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38659fead024395d2021-12-21 12:23:28.706root 11241100x8000000000000000661202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:28.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fde6c32ec2da4a2021-12-21 12:23:28.706root 11241100x8000000000000000661203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3bf9321a2bb3b02021-12-21 12:23:29.193root 11241100x8000000000000000661204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6c0edb37402a602021-12-21 12:23:29.193root 11241100x8000000000000000661205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8a4ceb33c0926a2021-12-21 12:23:29.193root 11241100x8000000000000000661206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0b235657935bbb2021-12-21 12:23:29.193root 11241100x8000000000000000661207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fe5b2a99b3e7072021-12-21 12:23:29.194root 11241100x8000000000000000661208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf377ff86ac0d60b2021-12-21 12:23:29.194root 11241100x8000000000000000661209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7b2c827bbb0ee62021-12-21 12:23:29.194root 11241100x8000000000000000661210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c5587de3d0273e2021-12-21 12:23:29.194root 11241100x8000000000000000661211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014625022f2021182021-12-21 12:23:29.194root 11241100x8000000000000000661212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f85972e561843852021-12-21 12:23:29.194root 11241100x8000000000000000661213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb16eeadc6c61402021-12-21 12:23:29.194root 11241100x8000000000000000661214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c795ee6836921c2021-12-21 12:23:29.194root 11241100x8000000000000000661215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02d086570f6c02c2021-12-21 12:23:29.194root 11241100x8000000000000000661216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d606fec7858f6172021-12-21 12:23:29.194root 11241100x8000000000000000661217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f212c34579c0342021-12-21 12:23:29.194root 11241100x8000000000000000661218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4b512104c6de642021-12-21 12:23:29.194root 11241100x8000000000000000661219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a3b160adeea1712021-12-21 12:23:29.194root 11241100x8000000000000000661220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3355354cffb6aa752021-12-21 12:23:29.194root 11241100x8000000000000000661221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c6a10eb547e65b2021-12-21 12:23:29.194root 11241100x8000000000000000661222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04abe938967b1a822021-12-21 12:23:29.195root 11241100x8000000000000000661223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3433a88a5a0b437d2021-12-21 12:23:29.195root 11241100x8000000000000000661224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4052cf775dea003f2021-12-21 12:23:29.195root 11241100x8000000000000000661225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271114f3879de3822021-12-21 12:23:29.195root 11241100x8000000000000000661226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4074ff00babd9d02021-12-21 12:23:29.195root 11241100x8000000000000000661227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29381c154397e67f2021-12-21 12:23:29.195root 11241100x8000000000000000661228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b47bed35c885ce2021-12-21 12:23:29.195root 11241100x8000000000000000661229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257d67c096ecabe02021-12-21 12:23:29.195root 11241100x8000000000000000661230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150fddfc9b592d382021-12-21 12:23:29.195root 11241100x8000000000000000661231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4ff52ec61999422021-12-21 12:23:29.195root 11241100x8000000000000000661232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1a243e9530901b2021-12-21 12:23:29.195root 11241100x8000000000000000661233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1575c5eeb8de13f22021-12-21 12:23:29.195root 11241100x8000000000000000661234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03467f8f48185262021-12-21 12:23:29.195root 11241100x8000000000000000661235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92a5270a184b0c92021-12-21 12:23:29.195root 11241100x8000000000000000661236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8c49a7ddd7ba322021-12-21 12:23:29.196root 11241100x8000000000000000661237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64b3aa6259222092021-12-21 12:23:29.196root 11241100x8000000000000000661238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869115497f41353e2021-12-21 12:23:29.196root 11241100x8000000000000000661239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f85c586b029ee5c2021-12-21 12:23:29.196root 11241100x8000000000000000661240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9619bac91007092021-12-21 12:23:29.196root 11241100x8000000000000000661241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9826e707dc04db82021-12-21 12:23:29.196root 11241100x8000000000000000661242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62911c17115081452021-12-21 12:23:29.196root 11241100x8000000000000000661243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8158b54e263fa57c2021-12-21 12:23:29.196root 11241100x8000000000000000661244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7487ec280bae2f2021-12-21 12:23:29.196root 11241100x8000000000000000661245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f9377574c640182021-12-21 12:23:29.196root 11241100x8000000000000000661246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557dd8d37fb35d7a2021-12-21 12:23:29.196root 11241100x8000000000000000661247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be1b5c2c6f0f70a2021-12-21 12:23:29.196root 11241100x8000000000000000661248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9435f1a72d5fe1422021-12-21 12:23:29.196root 11241100x8000000000000000661249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cda2813246c7af42021-12-21 12:23:29.196root 11241100x8000000000000000661250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917626a9859f6baf2021-12-21 12:23:29.196root 11241100x8000000000000000661251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805bc3cac33925112021-12-21 12:23:29.197root 11241100x8000000000000000661252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03131dbaad93b1022021-12-21 12:23:29.197root 11241100x8000000000000000661253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e986f8a561ea63e2021-12-21 12:23:29.197root 11241100x8000000000000000661254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751c750095b9a8ad2021-12-21 12:23:29.197root 11241100x8000000000000000661255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940771d1cbb4e3042021-12-21 12:23:29.197root 11241100x8000000000000000661256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c0c27b0b7cd9902021-12-21 12:23:29.197root 11241100x8000000000000000661257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4693950b43fb080d2021-12-21 12:23:29.197root 11241100x8000000000000000661258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41fda0ae272b8f62021-12-21 12:23:29.197root 11241100x8000000000000000661259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f480504b304c1ab02021-12-21 12:23:29.197root 11241100x8000000000000000661260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df2e42fc8a270012021-12-21 12:23:29.197root 11241100x8000000000000000661261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad536177eae89eb2021-12-21 12:23:29.197root 11241100x8000000000000000661262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6605136e3c3ea012021-12-21 12:23:29.197root 11241100x8000000000000000661263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f427edffadc21712021-12-21 12:23:29.197root 11241100x8000000000000000661264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cde040af41cd99e2021-12-21 12:23:29.198root 11241100x8000000000000000661265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ce6b4b09ad5a622021-12-21 12:23:29.198root 11241100x8000000000000000661266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f84112f24cae5d2021-12-21 12:23:29.198root 11241100x8000000000000000661267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ec0fde34e4ece12021-12-21 12:23:29.198root 11241100x8000000000000000661268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff37ca86bbea1b62021-12-21 12:23:29.198root 11241100x8000000000000000661269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c1d173d723f5572021-12-21 12:23:29.198root 11241100x8000000000000000661270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd9ff2640db01802021-12-21 12:23:29.198root 11241100x8000000000000000661271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940800fb8023b6e92021-12-21 12:23:29.198root 11241100x8000000000000000661272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d636228a39de9b2021-12-21 12:23:29.198root 11241100x8000000000000000661273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8a1c7c736eab412021-12-21 12:23:29.198root 11241100x8000000000000000661274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f21631f8317fe62021-12-21 12:23:29.198root 11241100x8000000000000000661275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a387f8cf53d94bed2021-12-21 12:23:29.199root 11241100x8000000000000000661276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eae8576506bf5952021-12-21 12:23:29.693root 11241100x8000000000000000661277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b5e587ea0ef5342021-12-21 12:23:29.693root 11241100x8000000000000000661278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ba00af81de33d22021-12-21 12:23:29.693root 11241100x8000000000000000661279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235d16da0568bb822021-12-21 12:23:29.693root 11241100x8000000000000000661280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299ddb89b972a4712021-12-21 12:23:29.693root 11241100x8000000000000000661281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa311246e90496f12021-12-21 12:23:29.693root 11241100x8000000000000000661282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da1f2101bc3f7602021-12-21 12:23:29.693root 11241100x8000000000000000661283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6440ae6055c5b5f42021-12-21 12:23:29.693root 11241100x8000000000000000661284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3aabf6c517f5d9e2021-12-21 12:23:29.693root 11241100x8000000000000000661285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ff06cb5edff52b2021-12-21 12:23:29.693root 11241100x8000000000000000661286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036f12b977da3ec32021-12-21 12:23:29.693root 11241100x8000000000000000661287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164070729db1833b2021-12-21 12:23:29.693root 11241100x8000000000000000661288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7b09b554734e682021-12-21 12:23:29.694root 11241100x8000000000000000661289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1691b1a0cab453832021-12-21 12:23:29.694root 11241100x8000000000000000661290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c857529c0157e92021-12-21 12:23:29.694root 11241100x8000000000000000661291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1865f3a6d541e32021-12-21 12:23:29.694root 11241100x8000000000000000661292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef055154fca718b42021-12-21 12:23:29.694root 11241100x8000000000000000661293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5271b4f616dc452021-12-21 12:23:29.694root 11241100x8000000000000000661294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d0e35f72b409aa2021-12-21 12:23:29.694root 11241100x8000000000000000661295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cc52b22f1a21ce2021-12-21 12:23:29.694root 11241100x8000000000000000661296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f11fd8321744302021-12-21 12:23:29.694root 11241100x8000000000000000661297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3eb38d5bbba85b2021-12-21 12:23:29.694root 11241100x8000000000000000661298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bd430ed442ee192021-12-21 12:23:29.694root 11241100x8000000000000000661299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a56bb7b11c080442021-12-21 12:23:29.694root 11241100x8000000000000000661300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907efd69533c4cef2021-12-21 12:23:29.694root 11241100x8000000000000000661301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1110a44177d4223e2021-12-21 12:23:29.694root 11241100x8000000000000000661302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1b49ea329cdece2021-12-21 12:23:29.694root 11241100x8000000000000000661303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84ab103a22992822021-12-21 12:23:29.694root 11241100x8000000000000000661304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49cb273ae2c48bb2021-12-21 12:23:29.695root 11241100x8000000000000000661305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570804ad5e63496a2021-12-21 12:23:29.695root 11241100x8000000000000000661306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c0e9fb58de55442021-12-21 12:23:29.695root 11241100x8000000000000000661307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f92246b44b2f57b2021-12-21 12:23:29.695root 11241100x8000000000000000661308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4117afd453d760362021-12-21 12:23:29.695root 11241100x8000000000000000661309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0834429a994163452021-12-21 12:23:29.695root 11241100x8000000000000000661310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951a41ab3ce651fc2021-12-21 12:23:29.695root 11241100x8000000000000000661311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a46a92fd638e072021-12-21 12:23:29.695root 11241100x8000000000000000661312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe46b71328b16662021-12-21 12:23:29.695root 11241100x8000000000000000661313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8750860e6250a4a72021-12-21 12:23:29.695root 11241100x8000000000000000661314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae37d579d8de3ca42021-12-21 12:23:29.696root 11241100x8000000000000000661315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e714d6e7bc422d02021-12-21 12:23:29.696root 11241100x8000000000000000661316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7b2d37898475872021-12-21 12:23:29.696root 11241100x8000000000000000661317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff55dca0d983df712021-12-21 12:23:29.696root 11241100x8000000000000000661318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1524d838c8d34bec2021-12-21 12:23:29.696root 11241100x8000000000000000661319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a5b1b923976c512021-12-21 12:23:29.696root 11241100x8000000000000000661320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9c9668b1d2ab0e2021-12-21 12:23:29.696root 11241100x8000000000000000661321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510fb401e52747412021-12-21 12:23:29.697root 11241100x8000000000000000661322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698e5974a34b993f2021-12-21 12:23:29.697root 11241100x8000000000000000661323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34441f2339c303b22021-12-21 12:23:29.697root 11241100x8000000000000000661324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d7348f3a070f062021-12-21 12:23:29.697root 11241100x8000000000000000661325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d5fac613a098172021-12-21 12:23:29.697root 11241100x8000000000000000661326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53a2c8ce1ed80ae2021-12-21 12:23:29.697root 11241100x8000000000000000661327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c766f837a8ac79c52021-12-21 12:23:29.697root 11241100x8000000000000000661328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246994975fbaf6d12021-12-21 12:23:29.697root 11241100x8000000000000000661329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f0dd7c4ced4ebc2021-12-21 12:23:29.698root 11241100x8000000000000000661330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a4ca620f8d09fc2021-12-21 12:23:29.698root 11241100x8000000000000000661331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41def7eebe8ea06a2021-12-21 12:23:29.698root 11241100x8000000000000000661332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbacf9e10ead3e0b2021-12-21 12:23:29.698root 11241100x8000000000000000661333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98247e5cd004b0652021-12-21 12:23:29.698root 11241100x8000000000000000661334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5341c8e40d8a5d1e2021-12-21 12:23:29.699root 11241100x8000000000000000661335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceef97b5570577e02021-12-21 12:23:29.699root 11241100x8000000000000000661336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950ef802d0e02bb82021-12-21 12:23:29.699root 11241100x8000000000000000661337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c8ddbd5d5a19c52021-12-21 12:23:29.699root 11241100x8000000000000000661338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c63f08d984a56c2021-12-21 12:23:29.699root 11241100x8000000000000000661339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36f92cd9ea249062021-12-21 12:23:29.699root 11241100x8000000000000000661340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3673f9103300612021-12-21 12:23:29.699root 11241100x8000000000000000661341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946a2f592d0041de2021-12-21 12:23:29.699root 11241100x8000000000000000661342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477d244a5ca2ddd52021-12-21 12:23:29.699root 11241100x8000000000000000661343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039b0c877b671dc32021-12-21 12:23:29.700root 11241100x8000000000000000661344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5463947c4a85ba3d2021-12-21 12:23:29.700root 11241100x8000000000000000661345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e151bfd2b5ee9e2021-12-21 12:23:29.700root 11241100x8000000000000000661346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00154e2c351993d2021-12-21 12:23:29.700root 11241100x8000000000000000661347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacc3d9c3cdfcd5a2021-12-21 12:23:29.700root 11241100x8000000000000000661348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79152371fb93df662021-12-21 12:23:29.700root 11241100x8000000000000000661349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762d2d316a7d8bd82021-12-21 12:23:29.700root 11241100x8000000000000000661350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac7a155bb87e7db2021-12-21 12:23:29.700root 11241100x8000000000000000661351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6033f14f6dfda2da2021-12-21 12:23:29.700root 11241100x8000000000000000661352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3aeb211666086262021-12-21 12:23:29.700root 11241100x8000000000000000661353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ed32c741b09ea82021-12-21 12:23:29.701root 11241100x8000000000000000661354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cbe0e27e4a94df2021-12-21 12:23:29.701root 11241100x8000000000000000661355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34144e2ca99d8b12021-12-21 12:23:29.701root 11241100x8000000000000000661356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a764e0ee82f6ed62021-12-21 12:23:29.701root 11241100x8000000000000000661357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f50b17377bf47342021-12-21 12:23:29.701root 11241100x8000000000000000661358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f06e77437c3e652021-12-21 12:23:29.701root 11241100x8000000000000000661359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba2c5d2f298e8742021-12-21 12:23:29.701root 11241100x8000000000000000661360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdfde8d5b0548a32021-12-21 12:23:29.701root 11241100x8000000000000000661361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbb3c385a2e68d92021-12-21 12:23:29.701root 11241100x8000000000000000661362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35590284373d3f552021-12-21 12:23:29.702root 11241100x8000000000000000661363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fb9c268d6ae0ac2021-12-21 12:23:29.702root 11241100x8000000000000000661364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ec007a69aed1842021-12-21 12:23:29.702root 11241100x8000000000000000661365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25aca208c17933e72021-12-21 12:23:29.702root 11241100x8000000000000000661366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea980118c697f0de2021-12-21 12:23:29.702root 11241100x8000000000000000661367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e96f18b6e4658d32021-12-21 12:23:29.702root 11241100x8000000000000000661368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411e3b39d5d03cf82021-12-21 12:23:29.702root 11241100x8000000000000000661369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9056b1de199514d82021-12-21 12:23:29.703root 11241100x8000000000000000661370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9173f207f8795bad2021-12-21 12:23:29.703root 11241100x8000000000000000661371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e81e8eb54c4b6292021-12-21 12:23:29.703root 11241100x8000000000000000661372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9449e24628fcae2021-12-21 12:23:29.703root 11241100x8000000000000000661373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74293559f2d171f62021-12-21 12:23:29.703root 11241100x8000000000000000661374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20413c05a3b668e12021-12-21 12:23:29.703root 11241100x8000000000000000661375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1797c43e286e18942021-12-21 12:23:29.703root 11241100x8000000000000000661376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0995fcc964c704e42021-12-21 12:23:29.704root 11241100x8000000000000000661377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc814023757b06822021-12-21 12:23:29.705root 11241100x8000000000000000661378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a32da2448104bdb2021-12-21 12:23:29.705root 11241100x8000000000000000661379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eabdbffa504cf932021-12-21 12:23:29.705root 11241100x8000000000000000661380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba317c9dc41a5132021-12-21 12:23:29.705root 11241100x8000000000000000661381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6776097ccc9d23c92021-12-21 12:23:29.705root 11241100x8000000000000000661382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e053b1bb5feda3962021-12-21 12:23:29.705root 11241100x8000000000000000661383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8496cf22a132c572021-12-21 12:23:29.706root 11241100x8000000000000000661384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b64a00c7e6ea0c82021-12-21 12:23:29.706root 11241100x8000000000000000661385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9ed7f003c742ad2021-12-21 12:23:29.706root 11241100x8000000000000000661386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d09ae4c492f26d2021-12-21 12:23:29.707root 11241100x8000000000000000661387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e9b1e8301d39292021-12-21 12:23:29.707root 11241100x8000000000000000661388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa05833e73ec6a762021-12-21 12:23:29.707root 11241100x8000000000000000661389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8376dd76dcbbe372021-12-21 12:23:29.707root 11241100x8000000000000000661390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edcca5740f6bcc82021-12-21 12:23:29.707root 11241100x8000000000000000661391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514ec2a0c3a24f212021-12-21 12:23:29.708root 11241100x8000000000000000661392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc37075191a98f12021-12-21 12:23:29.708root 11241100x8000000000000000661393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d13a9e07361dc52021-12-21 12:23:29.708root 11241100x8000000000000000661394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df440cd353e117fb2021-12-21 12:23:29.708root 11241100x8000000000000000661395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e049fe8aad7a2c212021-12-21 12:23:29.708root 11241100x8000000000000000661396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665eae5dd2f57f322021-12-21 12:23:29.708root 11241100x8000000000000000661397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a34b320935aa4dd2021-12-21 12:23:29.708root 11241100x8000000000000000661398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e68f43828744422021-12-21 12:23:29.709root 11241100x8000000000000000661399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e702d5daf1af541d2021-12-21 12:23:29.709root 11241100x8000000000000000661400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8967ce95e9ba5b32021-12-21 12:23:29.709root 11241100x8000000000000000661401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7283f502780407be2021-12-21 12:23:29.709root 11241100x8000000000000000661402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556653deb3f454db2021-12-21 12:23:29.709root 11241100x8000000000000000661403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86b4c3aa3b187962021-12-21 12:23:29.709root 11241100x8000000000000000661404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580dbd3e53ecb37f2021-12-21 12:23:29.710root 11241100x8000000000000000661405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a685f442f2fc6d22021-12-21 12:23:29.710root 11241100x8000000000000000661406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e37acbf20a252c2021-12-21 12:23:29.710root 11241100x8000000000000000661407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c257acb865867c72021-12-21 12:23:29.710root 11241100x8000000000000000661408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c725c7696004882021-12-21 12:23:29.710root 11241100x8000000000000000661409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04df64d31944b492021-12-21 12:23:29.710root 11241100x8000000000000000661410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fcbc4beb3563d72021-12-21 12:23:29.710root 11241100x8000000000000000661411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0c877ee57a04892021-12-21 12:23:29.711root 11241100x8000000000000000661412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6b7a72d2d2395e2021-12-21 12:23:29.711root 11241100x8000000000000000661413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f918bf7b75bbab92021-12-21 12:23:29.711root 11241100x8000000000000000661414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732611569a8dde7f2021-12-21 12:23:29.711root 11241100x8000000000000000661415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccab1961a5779b532021-12-21 12:23:29.711root 11241100x8000000000000000661416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b0b807ec151e3f2021-12-21 12:23:29.713root 11241100x8000000000000000661417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a898d46323da36542021-12-21 12:23:29.713root 11241100x8000000000000000661418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194c2ebe1f69a7b42021-12-21 12:23:29.713root 11241100x8000000000000000661419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1756b3270fcff5002021-12-21 12:23:29.714root 11241100x8000000000000000661420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69953d92238f49a2021-12-21 12:23:29.714root 11241100x8000000000000000661421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa5685e30e2f7da2021-12-21 12:23:29.714root 11241100x8000000000000000661422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc4ca44122917eb2021-12-21 12:23:29.714root 11241100x8000000000000000661423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5f9af93e286eac2021-12-21 12:23:29.714root 11241100x8000000000000000661424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1874b74eef08d32021-12-21 12:23:29.714root 11241100x8000000000000000661425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3d0fd4faf646dd2021-12-21 12:23:29.714root 11241100x8000000000000000661426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00223e82d2ae7ff2021-12-21 12:23:29.714root 11241100x8000000000000000661427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c663f1e1b6b343ff2021-12-21 12:23:29.714root 11241100x8000000000000000661428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3c953f57cb1ba72021-12-21 12:23:29.715root 11241100x8000000000000000661429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1802efd2ece009c42021-12-21 12:23:29.715root 11241100x8000000000000000661430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc727a6742bf06de2021-12-21 12:23:29.715root 11241100x8000000000000000661431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098b2a4846b8b5452021-12-21 12:23:29.715root 11241100x8000000000000000661432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cfdfaaf51dcc042021-12-21 12:23:29.715root 11241100x8000000000000000661433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872146913371911f2021-12-21 12:23:29.715root 11241100x8000000000000000661434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493d4058f2eee09c2021-12-21 12:23:29.715root 11241100x8000000000000000661435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abd858d9d422daa2021-12-21 12:23:29.715root 11241100x8000000000000000661436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1429302d13123632021-12-21 12:23:29.715root 11241100x8000000000000000661437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f97859dcb0595c12021-12-21 12:23:29.716root 11241100x8000000000000000661438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a6f58c346d72972021-12-21 12:23:29.716root 11241100x8000000000000000661439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046db0a66e36ac182021-12-21 12:23:29.716root 11241100x8000000000000000661440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b993840bd4ec47a2021-12-21 12:23:29.716root 11241100x8000000000000000661441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d113b00bf1e0352021-12-21 12:23:29.716root 11241100x8000000000000000661442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552fef8f8a8ab9c32021-12-21 12:23:29.716root 11241100x8000000000000000661443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e464275b8b65c522021-12-21 12:23:29.716root 11241100x8000000000000000661444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bf779c5c8f5ca82021-12-21 12:23:29.716root 11241100x8000000000000000661445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500addcdb08b1b1e2021-12-21 12:23:29.716root 11241100x8000000000000000661446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9154903949834e6c2021-12-21 12:23:29.716root 11241100x8000000000000000661447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0d227bdd80199c2021-12-21 12:23:29.717root 11241100x8000000000000000661448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3759e30e2f7e2abe2021-12-21 12:23:29.717root 11241100x8000000000000000661449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e88aa396abda302021-12-21 12:23:29.717root 11241100x8000000000000000661450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64e5c3cf72570792021-12-21 12:23:29.717root 11241100x8000000000000000661451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e41f2691f5a1ee02021-12-21 12:23:29.717root 11241100x8000000000000000661452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb65df89edfcd8c42021-12-21 12:23:29.717root 11241100x8000000000000000661453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1107831c437d3e622021-12-21 12:23:29.717root 11241100x8000000000000000661454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d7829e1aa76f722021-12-21 12:23:29.717root 11241100x8000000000000000661455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419cae04b98ccee32021-12-21 12:23:29.717root 11241100x8000000000000000661456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5812f68ea6a261292021-12-21 12:23:29.717root 11241100x8000000000000000661457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf95034b991ee412021-12-21 12:23:29.717root 11241100x8000000000000000661458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c870ecae3d10ab02021-12-21 12:23:29.717root 11241100x8000000000000000661459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34c3f2342484e772021-12-21 12:23:29.717root 11241100x8000000000000000661460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e4bd1239acbe312021-12-21 12:23:29.717root 11241100x8000000000000000661461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de9f8f8a8c4a03b2021-12-21 12:23:29.717root 11241100x8000000000000000661462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8cd74c7510dcc92021-12-21 12:23:29.718root 11241100x8000000000000000661463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720a04a0c11fba4e2021-12-21 12:23:29.718root 11241100x8000000000000000661464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e0a0a3a79c46432021-12-21 12:23:29.718root 11241100x8000000000000000661465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a64efc99ea714d22021-12-21 12:23:29.718root 11241100x8000000000000000661466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b33ad490573289a2021-12-21 12:23:29.718root 11241100x8000000000000000661467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca495fe7cdbafe92021-12-21 12:23:29.718root 11241100x8000000000000000661468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d50371576989f6c2021-12-21 12:23:29.718root 11241100x8000000000000000661469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0bb02830a16aca2021-12-21 12:23:29.718root 11241100x8000000000000000661470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c7ad8fbf1515062021-12-21 12:23:29.718root 11241100x8000000000000000661471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4442e1113c95ef5a2021-12-21 12:23:29.718root 11241100x8000000000000000661472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307442ce5cd8bc7d2021-12-21 12:23:29.718root 11241100x8000000000000000661473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d328ce061a3164802021-12-21 12:23:29.719root 11241100x8000000000000000661474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7a6e5f509fdd652021-12-21 12:23:29.719root 11241100x8000000000000000661475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fca475253f86b152021-12-21 12:23:29.719root 11241100x8000000000000000661476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da740b0108fa2a482021-12-21 12:23:29.719root 11241100x8000000000000000661477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73195174df7285c22021-12-21 12:23:29.719root 11241100x8000000000000000661478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e18aac6ff663f812021-12-21 12:23:29.719root 11241100x8000000000000000661479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72c444d9b4443032021-12-21 12:23:29.719root 11241100x8000000000000000661480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677d50f2de7190802021-12-21 12:23:29.720root 11241100x8000000000000000661481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2974ab8a5ecd56db2021-12-21 12:23:29.720root 11241100x8000000000000000661482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0821c8425d2acc392021-12-21 12:23:29.720root 11241100x8000000000000000661483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3320fdc953270c2021-12-21 12:23:29.720root 11241100x8000000000000000661484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf984e456ab4ce02021-12-21 12:23:29.720root 11241100x8000000000000000661485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7604d25f1afad32021-12-21 12:23:29.721root 11241100x8000000000000000661486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b99218e7999d9be2021-12-21 12:23:29.722root 11241100x8000000000000000661487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d74195e686932a42021-12-21 12:23:29.722root 11241100x8000000000000000661488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20752802a9885322021-12-21 12:23:29.723root 11241100x8000000000000000661489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50769101b005efaa2021-12-21 12:23:29.723root 11241100x8000000000000000661490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:29.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bbe47aca174d842021-12-21 12:23:29.724root 11241100x8000000000000000661491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96db78fcdcaf79882021-12-21 12:23:30.193root 11241100x8000000000000000661492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b78fd038b8bdeb32021-12-21 12:23:30.193root 11241100x8000000000000000661493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e04fae7dc74512e2021-12-21 12:23:30.193root 11241100x8000000000000000661494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed833c3fc39b5aba2021-12-21 12:23:30.193root 11241100x8000000000000000661495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822c23df296491ec2021-12-21 12:23:30.193root 11241100x8000000000000000661496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da5947a613a9dec2021-12-21 12:23:30.193root 11241100x8000000000000000661497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b5d10744053e982021-12-21 12:23:30.193root 11241100x8000000000000000661498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c02c401fdbf6862021-12-21 12:23:30.194root 11241100x8000000000000000661499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e261046a52fa7462021-12-21 12:23:30.194root 11241100x8000000000000000661500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36823ee34b01ccd02021-12-21 12:23:30.194root 11241100x8000000000000000661501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b1857cbd97eee02021-12-21 12:23:30.194root 11241100x8000000000000000661502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe74783aea69d952021-12-21 12:23:30.194root 11241100x8000000000000000661503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477b652ab99a87052021-12-21 12:23:30.194root 11241100x8000000000000000661504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449d66b7e6ad7e2c2021-12-21 12:23:30.194root 11241100x8000000000000000661505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fc64d2a9e960332021-12-21 12:23:30.195root 11241100x8000000000000000661506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2f981a3ad8d51c2021-12-21 12:23:30.195root 11241100x8000000000000000661507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50714b8fc8dd52c82021-12-21 12:23:30.195root 11241100x8000000000000000661508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d95d7cd0f1bf5ab2021-12-21 12:23:30.195root 11241100x8000000000000000661509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dbd6f128f623a02021-12-21 12:23:30.195root 11241100x8000000000000000661510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88649130b928bfe2021-12-21 12:23:30.195root 11241100x8000000000000000661511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dbc5c7de43410b2021-12-21 12:23:30.195root 11241100x8000000000000000661512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ae3b14b88ef7012021-12-21 12:23:30.195root 11241100x8000000000000000661513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb2685017ab98b32021-12-21 12:23:30.196root 11241100x8000000000000000661514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4bc8747451c4882021-12-21 12:23:30.196root 11241100x8000000000000000661515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824bce105739ee922021-12-21 12:23:30.196root 11241100x8000000000000000661516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c14963bfaea11422021-12-21 12:23:30.197root 11241100x8000000000000000661517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c89dc55725be7792021-12-21 12:23:30.197root 11241100x8000000000000000661518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e869b2080f2ea4f2021-12-21 12:23:30.197root 11241100x8000000000000000661519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47db059d88fcf5852021-12-21 12:23:30.197root 11241100x8000000000000000661520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747d7c60df7c3d6a2021-12-21 12:23:30.197root 11241100x8000000000000000661521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911caad131cb99a22021-12-21 12:23:30.198root 11241100x8000000000000000661522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61448d8b17d93b552021-12-21 12:23:30.198root 11241100x8000000000000000661523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de1fbd2f5187d0e2021-12-21 12:23:30.198root 11241100x8000000000000000661524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8b56ff4b509c892021-12-21 12:23:30.198root 11241100x8000000000000000661525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d694e64f912d59ce2021-12-21 12:23:30.198root 11241100x8000000000000000661526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914f1c15dcf586fc2021-12-21 12:23:30.198root 11241100x8000000000000000661527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d058ad911b8090f42021-12-21 12:23:30.199root 11241100x8000000000000000661528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e527b44ad87a95b2021-12-21 12:23:30.199root 11241100x8000000000000000661529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55418b3c09f101952021-12-21 12:23:30.199root 11241100x8000000000000000661530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af84e554bc1e83812021-12-21 12:23:30.199root 11241100x8000000000000000661531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9be29181cb96d52021-12-21 12:23:30.200root 11241100x8000000000000000661532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4612729a9321dbaa2021-12-21 12:23:30.200root 11241100x8000000000000000661533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c413c006245a4e2021-12-21 12:23:30.200root 11241100x8000000000000000661534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ad2137bd7e1e412021-12-21 12:23:30.200root 11241100x8000000000000000661535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805fb4242a015e8f2021-12-21 12:23:30.200root 11241100x8000000000000000661536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88143fab7bd555e52021-12-21 12:23:30.200root 11241100x8000000000000000661537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fd30305da499c12021-12-21 12:23:30.200root 11241100x8000000000000000661538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584d49a32254bcf52021-12-21 12:23:30.200root 11241100x8000000000000000661539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fa35d79768c8d52021-12-21 12:23:30.201root 11241100x8000000000000000661540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e8ba3c7013acf22021-12-21 12:23:30.201root 11241100x8000000000000000661541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47329e9485219842021-12-21 12:23:30.201root 11241100x8000000000000000661542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bc1750318ff6842021-12-21 12:23:30.201root 11241100x8000000000000000661543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ab2c9ad4743bf02021-12-21 12:23:30.201root 11241100x8000000000000000661544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b4583ba270d0ba2021-12-21 12:23:30.201root 11241100x8000000000000000661545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b5fec4a62c6bae2021-12-21 12:23:30.201root 11241100x8000000000000000661546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be27c6256d9dea3b2021-12-21 12:23:30.201root 11241100x8000000000000000661547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3e95e9101bf0062021-12-21 12:23:30.202root 11241100x8000000000000000661548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b4d260f06c5cb22021-12-21 12:23:30.202root 11241100x8000000000000000661549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d2a399f832135b2021-12-21 12:23:30.202root 11241100x8000000000000000661550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946176b633d4a9d22021-12-21 12:23:30.202root 11241100x8000000000000000661551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d6854a12b8a4762021-12-21 12:23:30.202root 11241100x8000000000000000661552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed6b86f81b24e4a2021-12-21 12:23:30.202root 11241100x8000000000000000661553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d034f814e251aaa12021-12-21 12:23:30.203root 11241100x8000000000000000661554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287453938bf5fe622021-12-21 12:23:30.203root 11241100x8000000000000000661555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c62db7d0364eac2021-12-21 12:23:30.203root 11241100x8000000000000000661556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851aba4e73a486842021-12-21 12:23:30.203root 11241100x8000000000000000661557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408504a942ae338b2021-12-21 12:23:30.203root 11241100x8000000000000000661558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3880e56f5b31762021-12-21 12:23:30.203root 11241100x8000000000000000661559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3aaac5baeef5cc42021-12-21 12:23:30.204root 11241100x8000000000000000661560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d88d9c6919f183f2021-12-21 12:23:30.204root 11241100x8000000000000000661561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fae36e432565e42021-12-21 12:23:30.204root 11241100x8000000000000000661562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54489eb927d4958f2021-12-21 12:23:30.204root 11241100x8000000000000000661563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca314c22c86b8b52021-12-21 12:23:30.205root 11241100x8000000000000000661564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552c0a7f5807aca22021-12-21 12:23:30.205root 11241100x8000000000000000661565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8114e2659b01d1c12021-12-21 12:23:30.205root 11241100x8000000000000000661566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc663c062051b3022021-12-21 12:23:30.205root 11241100x8000000000000000661567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d2575498b179462021-12-21 12:23:30.205root 11241100x8000000000000000661568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55268ff864d7dcfd2021-12-21 12:23:30.205root 11241100x8000000000000000661569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3783c7dc8ae01d762021-12-21 12:23:30.206root 11241100x8000000000000000661570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172aeef7b9588b572021-12-21 12:23:30.206root 11241100x8000000000000000661571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752c7ebee6646e442021-12-21 12:23:30.206root 11241100x8000000000000000661572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50618ca354f969a02021-12-21 12:23:30.206root 11241100x8000000000000000661573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7814acb78aed892021-12-21 12:23:30.206root 11241100x8000000000000000661574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c19b212bfd4fd52021-12-21 12:23:30.206root 11241100x8000000000000000661575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88b424ad09119c62021-12-21 12:23:30.207root 11241100x8000000000000000661576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f76680a0d3d495b2021-12-21 12:23:30.207root 11241100x8000000000000000661577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b8b63d33b224902021-12-21 12:23:30.207root 11241100x8000000000000000661578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cbf32d544f50522021-12-21 12:23:30.207root 11241100x8000000000000000661579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2002526068616b502021-12-21 12:23:30.207root 11241100x8000000000000000661580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d60aa70b4f17cf62021-12-21 12:23:30.207root 11241100x8000000000000000661581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb1a64e54110f532021-12-21 12:23:30.208root 11241100x8000000000000000661582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ced4d9fc7232e2e2021-12-21 12:23:30.208root 11241100x8000000000000000661583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63dfb1d91e596022021-12-21 12:23:30.208root 11241100x8000000000000000661584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a0ea3497042c6d2021-12-21 12:23:30.208root 11241100x8000000000000000661585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6473efd5656189372021-12-21 12:23:30.209root 11241100x8000000000000000661586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2931280f1cfed18b2021-12-21 12:23:30.209root 11241100x8000000000000000661587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2845f376899f36ea2021-12-21 12:23:30.209root 11241100x8000000000000000661588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990d2161992c75c22021-12-21 12:23:30.209root 11241100x8000000000000000661589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5983c0165325a4622021-12-21 12:23:30.209root 11241100x8000000000000000661590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadf65ec4c1ac3642021-12-21 12:23:30.209root 11241100x8000000000000000661591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a702c9232319cc2021-12-21 12:23:30.209root 11241100x8000000000000000661592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb2485eb52769962021-12-21 12:23:30.209root 11241100x8000000000000000661593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7830add96c5dc22021-12-21 12:23:30.210root 11241100x8000000000000000661594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d16e3c9a503180c2021-12-21 12:23:30.210root 11241100x8000000000000000661595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e608d7c9a4681fc2021-12-21 12:23:30.210root 11241100x8000000000000000661596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d8399610c2e30d2021-12-21 12:23:30.210root 11241100x8000000000000000661597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924a3ea841eceaad2021-12-21 12:23:30.210root 11241100x8000000000000000661598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0647d9d92bbbe22021-12-21 12:23:30.210root 11241100x8000000000000000661599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177a1ff30fd5a0af2021-12-21 12:23:30.210root 11241100x8000000000000000661600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eddbb8ffb6055dc42021-12-21 12:23:30.211root 11241100x8000000000000000661601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33baa1a3eec5b57a2021-12-21 12:23:30.211root 11241100x8000000000000000661602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b585afc30a73d7372021-12-21 12:23:30.211root 11241100x8000000000000000661603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f8f399aa0a6e2a2021-12-21 12:23:30.211root 11241100x8000000000000000661604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23757a2f40a15dfb2021-12-21 12:23:30.212root 11241100x8000000000000000661605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73224436c7b3e4c52021-12-21 12:23:30.212root 11241100x8000000000000000661606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ef4667a28e8db52021-12-21 12:23:30.212root 11241100x8000000000000000661607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffe2880b8026f0d2021-12-21 12:23:30.212root 11241100x8000000000000000661608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84855aac6031050c2021-12-21 12:23:30.212root 11241100x8000000000000000661609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8662a763428dcd2021-12-21 12:23:30.212root 11241100x8000000000000000661610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a958b496ca0521072021-12-21 12:23:30.212root 11241100x8000000000000000661611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f672f4b946438c2021-12-21 12:23:30.213root 11241100x8000000000000000661612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532820f20031a95a2021-12-21 12:23:30.213root 11241100x8000000000000000661613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f480580407b9ca72021-12-21 12:23:30.213root 11241100x8000000000000000661614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867de1f17319168d2021-12-21 12:23:30.213root 11241100x8000000000000000661615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2c983d350f5b422021-12-21 12:23:30.213root 11241100x8000000000000000661616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82117b49d86cf512021-12-21 12:23:30.213root 11241100x8000000000000000661617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d0b13bc744ee652021-12-21 12:23:30.213root 11241100x8000000000000000661618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c17cbc0015ff602021-12-21 12:23:30.214root 11241100x8000000000000000661619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd87fff29e2073b2021-12-21 12:23:30.214root 11241100x8000000000000000661620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ff7535142ce3e12021-12-21 12:23:30.214root 11241100x8000000000000000661621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc241c4d593a2a122021-12-21 12:23:30.215root 11241100x8000000000000000661622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae147aa7045026292021-12-21 12:23:30.215root 11241100x8000000000000000661623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81c7e5fb8a945b82021-12-21 12:23:30.215root 11241100x8000000000000000661624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f1e1458dd111222021-12-21 12:23:30.215root 11241100x8000000000000000661625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1889229f9cad1d2021-12-21 12:23:30.215root 11241100x8000000000000000661626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8399b094b67fcffb2021-12-21 12:23:30.215root 11241100x8000000000000000661627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d2738cbcb2f2e62021-12-21 12:23:30.215root 11241100x8000000000000000661628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cbb70d2ce881772021-12-21 12:23:30.215root 11241100x8000000000000000661629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d9727c882544602021-12-21 12:23:30.215root 11241100x8000000000000000661630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a298c070a14946a92021-12-21 12:23:30.216root 11241100x8000000000000000661631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab5ab7129f6e96a2021-12-21 12:23:30.216root 11241100x8000000000000000661632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f37a41868dd04c2021-12-21 12:23:30.216root 11241100x8000000000000000661633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede8345bb8c08afc2021-12-21 12:23:30.216root 11241100x8000000000000000661634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcec5ed931f8a1182021-12-21 12:23:30.216root 11241100x8000000000000000661635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845a582d6f055bf02021-12-21 12:23:30.217root 11241100x8000000000000000661636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c817ec764d56d92021-12-21 12:23:30.217root 11241100x8000000000000000661637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3277651d7900f32021-12-21 12:23:30.217root 11241100x8000000000000000661638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84bf992a6ab8f002021-12-21 12:23:30.217root 11241100x8000000000000000661639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9271b44ba32a9d42021-12-21 12:23:30.219root 11241100x8000000000000000661640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104e91941aead1b12021-12-21 12:23:30.219root 11241100x8000000000000000661641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e7cc24df5579d42021-12-21 12:23:30.219root 11241100x8000000000000000661642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2ee20137d116752021-12-21 12:23:30.219root 11241100x8000000000000000661643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcc20ea2b0a02512021-12-21 12:23:30.219root 11241100x8000000000000000661644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa66e2f8cc2fec742021-12-21 12:23:30.219root 11241100x8000000000000000661645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ef7f3dd2c841722021-12-21 12:23:30.220root 11241100x8000000000000000661646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7ee4c65c26e1832021-12-21 12:23:30.220root 11241100x8000000000000000661647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ac445acec973482021-12-21 12:23:30.220root 11241100x8000000000000000661648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e298f23c1cf9a12021-12-21 12:23:30.220root 11241100x8000000000000000661649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc9fff9382389e52021-12-21 12:23:30.220root 11241100x8000000000000000661650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262f92d11d6b914a2021-12-21 12:23:30.220root 11241100x8000000000000000661651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477ecc5809471cd32021-12-21 12:23:30.220root 11241100x8000000000000000661652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92273abde81f515f2021-12-21 12:23:30.220root 11241100x8000000000000000661653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b21f4863c3d14f92021-12-21 12:23:30.221root 11241100x8000000000000000661654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f324bb7e2d794252021-12-21 12:23:30.221root 11241100x8000000000000000661655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3b8a583a1c51012021-12-21 12:23:30.221root 11241100x8000000000000000661656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177cef93042de8372021-12-21 12:23:30.221root 11241100x8000000000000000661657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aebd720e2d7bab62021-12-21 12:23:30.221root 11241100x8000000000000000661658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83741f7f3ceb70e42021-12-21 12:23:30.221root 11241100x8000000000000000661659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4d62e77b59fd342021-12-21 12:23:30.221root 11241100x8000000000000000661660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663283b4a260edd42021-12-21 12:23:30.222root 11241100x8000000000000000661661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feedda0078a301582021-12-21 12:23:30.222root 11241100x8000000000000000661662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdfe6b9e7f3a1b52021-12-21 12:23:30.222root 11241100x8000000000000000661663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a87b51801b6eee2021-12-21 12:23:30.222root 11241100x8000000000000000661664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb6e4316cfec6ba2021-12-21 12:23:30.222root 11241100x8000000000000000661665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b78a6a1a4c3ecb2021-12-21 12:23:30.222root 11241100x8000000000000000661666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da4645e24f22d3d2021-12-21 12:23:30.222root 11241100x8000000000000000661667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e149b1738fbfb4282021-12-21 12:23:30.222root 11241100x8000000000000000661668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68aee0ebcef65382021-12-21 12:23:30.222root 11241100x8000000000000000661669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55bb0a9713da9732021-12-21 12:23:30.223root 11241100x8000000000000000661670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863e6786f1d401542021-12-21 12:23:30.223root 11241100x8000000000000000661671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3e15d726d351a92021-12-21 12:23:30.223root 11241100x8000000000000000661672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a55f8422d2c7892021-12-21 12:23:30.223root 11241100x8000000000000000661673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2a9d6ae007f7d52021-12-21 12:23:30.223root 11241100x8000000000000000661674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e59d81843a0eaa92021-12-21 12:23:30.223root 11241100x8000000000000000661675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ad9d2e2b2f1b772021-12-21 12:23:30.223root 11241100x8000000000000000661676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b0bf4dc6c93a3b2021-12-21 12:23:30.223root 11241100x8000000000000000661677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18869321976f9772021-12-21 12:23:30.224root 11241100x8000000000000000661678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b359d6fb952d80c72021-12-21 12:23:30.224root 11241100x8000000000000000661679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf01f785b64060272021-12-21 12:23:30.224root 11241100x8000000000000000661680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24676bbc6b5033ca2021-12-21 12:23:30.224root 11241100x8000000000000000661681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85e2315c1aca7be2021-12-21 12:23:30.224root 11241100x8000000000000000661682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd87afe656607022021-12-21 12:23:30.224root 11241100x8000000000000000661683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4340af04d537c1872021-12-21 12:23:30.224root 11241100x8000000000000000661684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1416804acaaa8622021-12-21 12:23:30.224root 11241100x8000000000000000661685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab734b669f62e192021-12-21 12:23:30.224root 11241100x8000000000000000661686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4041a9166354a2122021-12-21 12:23:30.225root 11241100x8000000000000000661687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1194992b2d4da11f2021-12-21 12:23:30.225root 11241100x8000000000000000661688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545c9d04f18c934f2021-12-21 12:23:30.225root 11241100x8000000000000000661689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b2fe80c84cb9182021-12-21 12:23:30.226root 11241100x8000000000000000661690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8ab8561d6d22122021-12-21 12:23:30.226root 11241100x8000000000000000661691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbae1dd957c7d35e2021-12-21 12:23:30.226root 11241100x8000000000000000661692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7541bd907aa4c3d82021-12-21 12:23:30.226root 11241100x8000000000000000661693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1df9ba6339c592e2021-12-21 12:23:30.226root 11241100x8000000000000000661694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e6464916b8eec02021-12-21 12:23:30.227root 11241100x8000000000000000661695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ae4c459f4b02a52021-12-21 12:23:30.228root 11241100x8000000000000000661696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca79915f2a99d3e2021-12-21 12:23:30.228root 11241100x8000000000000000661697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c65e39965e90072021-12-21 12:23:30.228root 11241100x8000000000000000661698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dc7d170f884c162021-12-21 12:23:30.228root 11241100x8000000000000000661699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599d73556393f8cb2021-12-21 12:23:30.228root 11241100x8000000000000000661700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218e6a663260a2f22021-12-21 12:23:30.228root 11241100x8000000000000000661701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f49756a6c9137a2021-12-21 12:23:30.228root 11241100x8000000000000000661702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f6d3b2560581ca2021-12-21 12:23:30.228root 11241100x8000000000000000661703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7dca9cd62e1888f2021-12-21 12:23:30.228root 11241100x8000000000000000661704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2c5fe042268cc32021-12-21 12:23:30.229root 11241100x8000000000000000661705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1048ec26a8b7e232021-12-21 12:23:30.229root 11241100x8000000000000000661706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3b8ffbf3d7dac22021-12-21 12:23:30.229root 11241100x8000000000000000661707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6173df9847d9b30a2021-12-21 12:23:30.229root 11241100x8000000000000000661708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b03545a31857db82021-12-21 12:23:30.229root 11241100x8000000000000000661709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8373f8d7e340dd2021-12-21 12:23:30.230root 11241100x8000000000000000661710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce5c07fd31962a32021-12-21 12:23:30.230root 11241100x8000000000000000661711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356d1866dff3ce322021-12-21 12:23:30.230root 11241100x8000000000000000661712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3b5e268c818bfe2021-12-21 12:23:30.230root 11241100x8000000000000000661713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a75f16e5b43b5d2021-12-21 12:23:30.230root 11241100x8000000000000000661714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b06d736c436d772021-12-21 12:23:30.230root 11241100x8000000000000000661715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb64a84da09c2cd2021-12-21 12:23:30.230root 11241100x8000000000000000661716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac33d5956f43354d2021-12-21 12:23:30.230root 11241100x8000000000000000661717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc994a4bdc77cb12021-12-21 12:23:30.231root 11241100x8000000000000000661718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec142c87973b89e2021-12-21 12:23:30.231root 11241100x8000000000000000661719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b325fd2edbf312a22021-12-21 12:23:30.231root 11241100x8000000000000000661720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf1282f9372631c2021-12-21 12:23:30.231root 11241100x8000000000000000661721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a4c0e2784c40c02021-12-21 12:23:30.231root 11241100x8000000000000000661722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdda5e7b90a0efcb2021-12-21 12:23:30.231root 11241100x8000000000000000661723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4236783e74abbd92021-12-21 12:23:30.233root 11241100x8000000000000000661724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b644d31c07dcbf2021-12-21 12:23:30.233root 11241100x8000000000000000661725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f2ddb4f0f345112021-12-21 12:23:30.233root 11241100x8000000000000000661726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1e73e8fd34acdd2021-12-21 12:23:30.233root 11241100x8000000000000000661727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4f5e29c9a2f5d02021-12-21 12:23:30.234root 11241100x8000000000000000661728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e584217e8d5af2f72021-12-21 12:23:30.234root 11241100x8000000000000000661729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8a29f1885093052021-12-21 12:23:30.234root 11241100x8000000000000000661730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a43901f50cac3e02021-12-21 12:23:30.234root 11241100x8000000000000000661731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab094372b1a03e92021-12-21 12:23:30.234root 11241100x8000000000000000661732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a05b87773b36b32021-12-21 12:23:30.234root 11241100x8000000000000000661733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03e282f2a56c0872021-12-21 12:23:30.234root 11241100x8000000000000000661734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfb467fd56aee672021-12-21 12:23:30.234root 11241100x8000000000000000661735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bf55e02ca1135b2021-12-21 12:23:30.234root 11241100x8000000000000000661736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92198e4dce412b282021-12-21 12:23:30.234root 11241100x8000000000000000661737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c93a415f1686a92021-12-21 12:23:30.235root 11241100x8000000000000000661738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904d88256a56f67b2021-12-21 12:23:30.235root 11241100x8000000000000000661739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e83e49cb325f8792021-12-21 12:23:30.235root 11241100x8000000000000000661740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7d90ca6193218b2021-12-21 12:23:30.235root 11241100x8000000000000000661741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fd08a4088af27a2021-12-21 12:23:30.235root 11241100x8000000000000000661742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c862a8a5a736c4132021-12-21 12:23:30.235root 11241100x8000000000000000661743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeefa189261387d12021-12-21 12:23:30.236root 11241100x8000000000000000661744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1aa3db1c908a3bb2021-12-21 12:23:30.236root 11241100x8000000000000000661745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d640e1fe48f1692021-12-21 12:23:30.236root 11241100x8000000000000000661746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89188e263ebe7c302021-12-21 12:23:30.237root 11241100x8000000000000000661747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a522c12e7096c1ad2021-12-21 12:23:30.237root 11241100x8000000000000000661748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62efbed7d0fbb6a02021-12-21 12:23:30.238root 11241100x8000000000000000661749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbdaafba251b58f2021-12-21 12:23:30.238root 11241100x8000000000000000661750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68791bc2fc1147f02021-12-21 12:23:30.239root 11241100x8000000000000000661751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5920cc8fcf9dcd4f2021-12-21 12:23:30.239root 11241100x8000000000000000661752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7866d701fabc6d2021-12-21 12:23:30.239root 11241100x8000000000000000661753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cba650d2930b542021-12-21 12:23:30.239root 11241100x8000000000000000661754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e660fb95a59e2d0c2021-12-21 12:23:30.239root 11241100x8000000000000000661755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a30fd72782f88c72021-12-21 12:23:30.240root 11241100x8000000000000000661756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ad65a28bb769d42021-12-21 12:23:30.240root 11241100x8000000000000000661757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f091cb5638c6f3482021-12-21 12:23:30.240root 11241100x8000000000000000661758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129434ebc35becc72021-12-21 12:23:30.240root 11241100x8000000000000000661759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59f4573cb0992a12021-12-21 12:23:30.240root 11241100x8000000000000000661760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2b616e7f5bf8bd2021-12-21 12:23:30.240root 11241100x8000000000000000661761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9715fa8e5d72352021-12-21 12:23:30.241root 11241100x8000000000000000661762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f06e99817630c0f2021-12-21 12:23:30.241root 11241100x8000000000000000661763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486fe6c59f100b522021-12-21 12:23:30.241root 11241100x8000000000000000661764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03c13c67ac69ea52021-12-21 12:23:30.241root 11241100x8000000000000000661765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa979524de6b0dad2021-12-21 12:23:30.241root 11241100x8000000000000000661766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc67375f9b64c432021-12-21 12:23:30.241root 11241100x8000000000000000661767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d21c1335539e9562021-12-21 12:23:30.241root 11241100x8000000000000000661768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708f194c451965be2021-12-21 12:23:30.242root 11241100x8000000000000000661769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fb61a8161dd7182021-12-21 12:23:30.242root 11241100x8000000000000000661770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce159b8bd082c3692021-12-21 12:23:30.242root 11241100x8000000000000000661771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ef222a618a72ee2021-12-21 12:23:30.242root 11241100x8000000000000000661772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310821d27750cb7a2021-12-21 12:23:30.242root 11241100x8000000000000000661773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9341202290ba1d12021-12-21 12:23:30.242root 11241100x8000000000000000661774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54562ee42e9ef2562021-12-21 12:23:30.242root 11241100x8000000000000000661775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398a655e60006da12021-12-21 12:23:30.242root 11241100x8000000000000000661776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0145ac01c91c032021-12-21 12:23:30.243root 11241100x8000000000000000661777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0432d9acfb1c16442021-12-21 12:23:30.243root 11241100x8000000000000000661778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3f6b072880a6ec2021-12-21 12:23:30.243root 11241100x8000000000000000661779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d603457b16bf07202021-12-21 12:23:30.243root 11241100x8000000000000000661780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518c7121638c09292021-12-21 12:23:30.243root 11241100x8000000000000000661781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b91dabae1cd8132021-12-21 12:23:30.243root 11241100x8000000000000000661782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9b6709854699d32021-12-21 12:23:30.244root 11241100x8000000000000000661783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd20473042904b02021-12-21 12:23:30.244root 11241100x8000000000000000661784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57b18ba27ab26e62021-12-21 12:23:30.244root 11241100x8000000000000000661785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277fd006b9f8a51c2021-12-21 12:23:30.244root 11241100x8000000000000000661786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7bb688bb98a3052021-12-21 12:23:30.244root 11241100x8000000000000000661787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9850284130c0675f2021-12-21 12:23:30.245root 11241100x8000000000000000661788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04f3ecdfd1fd5b72021-12-21 12:23:30.245root 11241100x8000000000000000661789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bb846a18b747a32021-12-21 12:23:30.245root 11241100x8000000000000000661790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969048970340368f2021-12-21 12:23:30.245root 11241100x8000000000000000661791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbbcfbdde0519e32021-12-21 12:23:30.246root 11241100x8000000000000000661792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b334b66f719221122021-12-21 12:23:30.246root 11241100x8000000000000000661793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fca52461559c5d22021-12-21 12:23:30.246root 11241100x8000000000000000661794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129e3d58003c7b8b2021-12-21 12:23:30.246root 11241100x8000000000000000661795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770a58ebc1bc120a2021-12-21 12:23:30.246root 11241100x8000000000000000661796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649bebf2222370a12021-12-21 12:23:30.246root 11241100x8000000000000000661797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431130e285adbe212021-12-21 12:23:30.247root 11241100x8000000000000000661798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bac8bf791a876f02021-12-21 12:23:30.247root 11241100x8000000000000000661799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d139629622368b2021-12-21 12:23:30.247root 11241100x8000000000000000661800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a1c9dd614bbcec2021-12-21 12:23:30.247root 11241100x8000000000000000661801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9401bfab48b72d012021-12-21 12:23:30.247root 11241100x8000000000000000661802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7521ff6ad8e90ba22021-12-21 12:23:30.247root 11241100x8000000000000000661803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103414b307458afc2021-12-21 12:23:30.247root 11241100x8000000000000000661804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b4ed6cbf6eb8812021-12-21 12:23:30.247root 11241100x8000000000000000661805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c196076d88c75d22021-12-21 12:23:30.247root 11241100x8000000000000000661806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12959a3ccf1f95b2021-12-21 12:23:30.248root 11241100x8000000000000000661807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ead074f7fa6cf5c2021-12-21 12:23:30.248root 11241100x8000000000000000661808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2420799946ea54172021-12-21 12:23:30.248root 11241100x8000000000000000661809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbeb0d491f2f4bb2021-12-21 12:23:30.248root 11241100x8000000000000000661810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af1eaa5ccc7b6742021-12-21 12:23:30.248root 11241100x8000000000000000661811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f2d249171027ff2021-12-21 12:23:30.250root 11241100x8000000000000000661812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff6996e22aed6d12021-12-21 12:23:30.250root 11241100x8000000000000000661813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b78dd5347a909402021-12-21 12:23:30.250root 11241100x8000000000000000661814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02ffe272a17a9562021-12-21 12:23:30.250root 11241100x8000000000000000661815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91f3552ff2763a12021-12-21 12:23:30.251root 11241100x8000000000000000661816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480666ed3458b5352021-12-21 12:23:30.251root 11241100x8000000000000000661817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14f24c049d95db72021-12-21 12:23:30.251root 11241100x8000000000000000661818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c556a8bca16203522021-12-21 12:23:30.251root 11241100x8000000000000000661819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5523641a00c60b2021-12-21 12:23:30.252root 11241100x8000000000000000661820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38302567714b84cd2021-12-21 12:23:30.252root 11241100x8000000000000000661821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b25b3f6d3bccb632021-12-21 12:23:30.252root 11241100x8000000000000000661822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eab356912ca4a692021-12-21 12:23:30.252root 11241100x8000000000000000661823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e935943d67994e892021-12-21 12:23:30.252root 11241100x8000000000000000661824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd6b0c695a94fb82021-12-21 12:23:30.252root 11241100x8000000000000000661825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed0424eb6efb7492021-12-21 12:23:30.252root 11241100x8000000000000000661826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c5ed75c49854232021-12-21 12:23:30.253root 11241100x8000000000000000661827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb58278c863d1bc42021-12-21 12:23:30.253root 11241100x8000000000000000661828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72caf9c9b3295332021-12-21 12:23:30.253root 11241100x8000000000000000661829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7a97f688c452a22021-12-21 12:23:30.253root 11241100x8000000000000000661830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc73d847005cb182021-12-21 12:23:30.253root 11241100x8000000000000000661831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f11eea631a1eaf2021-12-21 12:23:30.253root 11241100x8000000000000000661832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291f70666b44e7ff2021-12-21 12:23:30.253root 11241100x8000000000000000661833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba097bba8c446602021-12-21 12:23:30.254root 11241100x8000000000000000661834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e306b7383b213252021-12-21 12:23:30.254root 11241100x8000000000000000661835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453d96f6a215581f2021-12-21 12:23:30.254root 11241100x8000000000000000661836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1cc823eebc55062021-12-21 12:23:30.254root 11241100x8000000000000000661837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a612f51bd081fb32021-12-21 12:23:30.254root 11241100x8000000000000000661838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a892d45d6d270f32021-12-21 12:23:30.254root 11241100x8000000000000000661839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eabbce480fca5152021-12-21 12:23:30.254root 11241100x8000000000000000661840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f753ea07fa4c1e02021-12-21 12:23:30.255root 11241100x8000000000000000661841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97947ccb9a73f9702021-12-21 12:23:30.255root 11241100x8000000000000000661842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95c6f08022b15bc2021-12-21 12:23:30.255root 11241100x8000000000000000661843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3c7115089758562021-12-21 12:23:30.255root 11241100x8000000000000000661844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a106611c855f3512021-12-21 12:23:30.255root 11241100x8000000000000000661845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a442ec90447bf0952021-12-21 12:23:30.256root 11241100x8000000000000000661846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3c8429d5ecbf742021-12-21 12:23:30.256root 11241100x8000000000000000661847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bccf92e37eb73f62021-12-21 12:23:30.256root 11241100x8000000000000000661848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa4c7ac90d8133f2021-12-21 12:23:30.256root 11241100x8000000000000000661849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a6cc116c4955df2021-12-21 12:23:30.256root 11241100x8000000000000000661850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2e02e6021a45622021-12-21 12:23:30.256root 11241100x8000000000000000661851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1164b0a9d9cf76b22021-12-21 12:23:30.256root 11241100x8000000000000000661852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99872a66ca4217da2021-12-21 12:23:30.257root 11241100x8000000000000000661853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fdcfe413fc1eb42021-12-21 12:23:30.257root 11241100x8000000000000000661854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7480480b5eb6e02021-12-21 12:23:30.257root 11241100x8000000000000000661855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a16cd8ce3b5ab832021-12-21 12:23:30.257root 11241100x8000000000000000661856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f778607e7df41ed2021-12-21 12:23:30.257root 11241100x8000000000000000661857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61020d4de30718952021-12-21 12:23:30.258root 11241100x8000000000000000661858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39c0cd6a9fdb0a82021-12-21 12:23:30.258root 11241100x8000000000000000661859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66409c709a1860722021-12-21 12:23:30.258root 11241100x8000000000000000661860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb944c8fe0facb412021-12-21 12:23:30.258root 11241100x8000000000000000661861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c049d779bc34f6c12021-12-21 12:23:30.258root 11241100x8000000000000000661862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949ee744d42485062021-12-21 12:23:30.258root 11241100x8000000000000000661863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c6fd670eb4988b2021-12-21 12:23:30.258root 11241100x8000000000000000661864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530f09279a13ac632021-12-21 12:23:30.258root 11241100x8000000000000000661865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5a90fcf889cd9e2021-12-21 12:23:30.259root 11241100x8000000000000000661866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad863d2460d03e6a2021-12-21 12:23:30.259root 11241100x8000000000000000661867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b0dd1bf3e96d562021-12-21 12:23:30.259root 11241100x8000000000000000661868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b864080cbc1d732021-12-21 12:23:30.259root 11241100x8000000000000000661869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9044d9295a08d042021-12-21 12:23:30.259root 11241100x8000000000000000661870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78fa9d99d26978a2021-12-21 12:23:30.259root 11241100x8000000000000000661871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b07a6ee3d089962021-12-21 12:23:30.259root 11241100x8000000000000000661872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604a533ba92b47c12021-12-21 12:23:30.259root 11241100x8000000000000000661873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9b7372a718f3fa2021-12-21 12:23:30.259root 11241100x8000000000000000661874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e064a511b351edcf2021-12-21 12:23:30.260root 11241100x8000000000000000661875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f223e977c84b2fea2021-12-21 12:23:30.260root 11241100x8000000000000000661876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193a1bfea0f735b02021-12-21 12:23:30.260root 11241100x8000000000000000661877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71971317ffe9faf2021-12-21 12:23:30.260root 11241100x8000000000000000661878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02b1bc78a55340a2021-12-21 12:23:30.260root 11241100x8000000000000000661879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62098c1239c23bd2021-12-21 12:23:30.260root 11241100x8000000000000000661880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e5002938fe6f222021-12-21 12:23:30.260root 11241100x8000000000000000661881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9644abfa87568d42021-12-21 12:23:30.260root 11241100x8000000000000000661882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109978907b51ee602021-12-21 12:23:30.260root 11241100x8000000000000000661883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de552de15f4485b2021-12-21 12:23:30.261root 11241100x8000000000000000661884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ede159b5f1ef342021-12-21 12:23:30.261root 11241100x8000000000000000661885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f2ffd22d3cb0582021-12-21 12:23:30.261root 11241100x8000000000000000661886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f743b5d6b8103ff2021-12-21 12:23:30.261root 11241100x8000000000000000661887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602fa4af9751d4fc2021-12-21 12:23:30.261root 11241100x8000000000000000661888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ec3349acf2f4bc2021-12-21 12:23:30.261root 11241100x8000000000000000661889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3d8ec14a379a502021-12-21 12:23:30.261root 11241100x8000000000000000661890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea8b3e96678dc0a2021-12-21 12:23:30.261root 11241100x8000000000000000661891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b626c5cb31d0f5942021-12-21 12:23:30.261root 11241100x8000000000000000661892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.262{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850a8fcbc1b154802021-12-21 12:23:30.262root 11241100x8000000000000000661893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.262{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06464948c30e6a4d2021-12-21 12:23:30.262root 11241100x8000000000000000661894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.262{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec2650fab1857bd2021-12-21 12:23:30.262root 11241100x8000000000000000661895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.262{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4eb0cd4c8648232021-12-21 12:23:30.262root 11241100x8000000000000000661896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.262{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171e0463cd37a1ec2021-12-21 12:23:30.262root 11241100x8000000000000000661897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.262{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa9e156b441b4032021-12-21 12:23:30.262root 11241100x8000000000000000661898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.262{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae0e63e6cfb7c792021-12-21 12:23:30.262root 11241100x8000000000000000661899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.262{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173b7072f225147d2021-12-21 12:23:30.262root 11241100x8000000000000000661900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.264{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b43be9fec4400222021-12-21 12:23:30.264root 11241100x8000000000000000661901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.264{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7856f5ec52ad292a2021-12-21 12:23:30.264root 11241100x8000000000000000661902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.265{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7cc7ba870d1e2b2021-12-21 12:23:30.265root 11241100x8000000000000000661903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.265{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9fbc6357c4453c2021-12-21 12:23:30.265root 11241100x8000000000000000661904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.265{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4099f5f6a24c0f2021-12-21 12:23:30.265root 11241100x8000000000000000661905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.265{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc8ab9284a249bb2021-12-21 12:23:30.265root 11241100x8000000000000000661906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.265{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c2bc5e217da9642021-12-21 12:23:30.265root 11241100x8000000000000000661907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.265{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cb49e557637d3e2021-12-21 12:23:30.265root 11241100x8000000000000000661908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.265{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0e6f350e04baef2021-12-21 12:23:30.265root 11241100x8000000000000000661909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.265{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adec19d3dd0242282021-12-21 12:23:30.265root 11241100x8000000000000000661910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.265{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22a99cdadc5f8232021-12-21 12:23:30.265root 11241100x8000000000000000661911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.266{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a4d2285effe18e2021-12-21 12:23:30.266root 11241100x8000000000000000661912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.266{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427bd8a98876e3de2021-12-21 12:23:30.266root 11241100x8000000000000000661913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.266{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946f8dd665548bea2021-12-21 12:23:30.266root 11241100x8000000000000000661914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.266{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff44b54d6d245302021-12-21 12:23:30.266root 11241100x8000000000000000661915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.266{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ca447825a8cd202021-12-21 12:23:30.266root 11241100x8000000000000000661916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.266{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51ab730f1027f902021-12-21 12:23:30.266root 11241100x8000000000000000661917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.266{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c4cc2113c89f9d2021-12-21 12:23:30.266root 11241100x8000000000000000661918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e403377d088767bd2021-12-21 12:23:30.267root 11241100x8000000000000000661919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff88e891080502e2021-12-21 12:23:30.267root 11241100x8000000000000000661920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced53c6ac929736a2021-12-21 12:23:30.267root 11241100x8000000000000000661921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5b37e6356f21d62021-12-21 12:23:30.267root 11241100x8000000000000000661922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f992ab56b824822021-12-21 12:23:30.267root 11241100x8000000000000000661923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818797f878d1a8362021-12-21 12:23:30.267root 11241100x8000000000000000661924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2cb1a49d73512f2021-12-21 12:23:30.267root 11241100x8000000000000000661925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0b18e9b8defa3b2021-12-21 12:23:30.267root 11241100x8000000000000000661926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c5d49f95c524292021-12-21 12:23:30.267root 11241100x8000000000000000661927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41160804e1f385d82021-12-21 12:23:30.268root 11241100x8000000000000000661928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d063f96b12885792021-12-21 12:23:30.268root 11241100x8000000000000000661929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272dbdc3bd8d36782021-12-21 12:23:30.268root 11241100x8000000000000000661930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be77ef23d57bca062021-12-21 12:23:30.269root 11241100x8000000000000000661931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3b669c033d9e642021-12-21 12:23:30.269root 11241100x8000000000000000661932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c99796d8cef1a342021-12-21 12:23:30.269root 11241100x8000000000000000661933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb736895ec9bfee2021-12-21 12:23:30.269root 11241100x8000000000000000661934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2b0f0ce4f556ab2021-12-21 12:23:30.269root 11241100x8000000000000000661935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12dca282d2934752021-12-21 12:23:30.269root 11241100x8000000000000000661936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e11675a370918e62021-12-21 12:23:30.274root 11241100x8000000000000000661937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29996630470dca2b2021-12-21 12:23:30.275root 11241100x8000000000000000661938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab847925afb2fba2021-12-21 12:23:30.275root 11241100x8000000000000000661939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2fcd715121e75e2021-12-21 12:23:30.275root 11241100x8000000000000000661940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f268cf36d5a1beb62021-12-21 12:23:30.275root 11241100x8000000000000000661941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ce3d075cbbde2c2021-12-21 12:23:30.275root 11241100x8000000000000000661942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f67c5d90ad14d62021-12-21 12:23:30.275root 11241100x8000000000000000661943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f92157dea1bb7e02021-12-21 12:23:30.276root 11241100x8000000000000000661944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3871f5f7a8744b262021-12-21 12:23:30.276root 11241100x8000000000000000661945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de04bb09ce377f692021-12-21 12:23:30.276root 11241100x8000000000000000661946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5ab44875805b752021-12-21 12:23:30.276root 11241100x8000000000000000661947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ac1df948cad2092021-12-21 12:23:30.276root 11241100x8000000000000000661948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb34dd289ff0d5dc2021-12-21 12:23:30.276root 11241100x8000000000000000661949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfae847a3938dbd2021-12-21 12:23:30.276root 11241100x8000000000000000661950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01427c35f62925ff2021-12-21 12:23:30.276root 11241100x8000000000000000661951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c541a65e50e14c2021-12-21 12:23:30.277root 11241100x8000000000000000661952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5de9bfcc19dfd62021-12-21 12:23:30.277root 11241100x8000000000000000661953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990af9fe22c0436b2021-12-21 12:23:30.277root 11241100x8000000000000000661954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1931f1a713d98a862021-12-21 12:23:30.278root 11241100x8000000000000000661955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31364e93f900c5712021-12-21 12:23:30.278root 11241100x8000000000000000661956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957a5842ddecf42e2021-12-21 12:23:30.278root 11241100x8000000000000000661957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131de389f91580392021-12-21 12:23:30.278root 11241100x8000000000000000661958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e83d24cbecfc9b2021-12-21 12:23:30.278root 11241100x8000000000000000661959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af1a3cb191b12522021-12-21 12:23:30.278root 11241100x8000000000000000661960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef22fece7e3d83482021-12-21 12:23:30.279root 11241100x8000000000000000661961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae160fc71b634db2021-12-21 12:23:30.279root 11241100x8000000000000000661962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74073029ef0689442021-12-21 12:23:30.279root 11241100x8000000000000000661963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859dc5ee9135e57b2021-12-21 12:23:30.279root 11241100x8000000000000000661964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410065b0f8059f062021-12-21 12:23:30.280root 11241100x8000000000000000661965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe7954dfd236ca12021-12-21 12:23:30.280root 11241100x8000000000000000661966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18830ecdf60276b12021-12-21 12:23:30.280root 11241100x8000000000000000661967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1109a774799ae12021-12-21 12:23:30.280root 11241100x8000000000000000661968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d5b9607b7b0a812021-12-21 12:23:30.280root 11241100x8000000000000000661969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f06890f84fb34332021-12-21 12:23:30.280root 11241100x8000000000000000661970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818543658912ebab2021-12-21 12:23:30.280root 11241100x8000000000000000661971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfea5ad784767fa12021-12-21 12:23:30.280root 11241100x8000000000000000661972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19054d6c6b02d4f62021-12-21 12:23:30.280root 11241100x8000000000000000661973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75141bc294e35da2021-12-21 12:23:30.280root 11241100x8000000000000000661974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdf0c4155555e982021-12-21 12:23:30.281root 11241100x8000000000000000661975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0047db6ce2d6331e2021-12-21 12:23:30.281root 11241100x8000000000000000661976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3c2cad7bcd97912021-12-21 12:23:30.281root 11241100x8000000000000000661977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3c0fc0d96593082021-12-21 12:23:30.281root 11241100x8000000000000000661978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61caa1ec020e5e042021-12-21 12:23:30.281root 11241100x8000000000000000661979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a28b944131c2fe12021-12-21 12:23:30.281root 11241100x8000000000000000661980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264f94432d90e6252021-12-21 12:23:30.281root 11241100x8000000000000000661981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23a02139b48012f2021-12-21 12:23:30.281root 11241100x8000000000000000661982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe51a6ab414236e2021-12-21 12:23:30.281root 11241100x8000000000000000661983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.282{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74325d695bb3d952021-12-21 12:23:30.282root 11241100x8000000000000000661984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.282{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8ac3eaa74042ef2021-12-21 12:23:30.282root 11241100x8000000000000000661985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.282{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e2ca284a5f75232021-12-21 12:23:30.282root 11241100x8000000000000000661986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.282{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee316fd1586cf982021-12-21 12:23:30.282root 11241100x8000000000000000661987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.282{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa23aca6e7263e922021-12-21 12:23:30.282root 11241100x8000000000000000661988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.282{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13d3180bff257a32021-12-21 12:23:30.282root 11241100x8000000000000000661989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.282{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519ede922b7889492021-12-21 12:23:30.282root 11241100x8000000000000000661990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.283{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a3346ac2e608402021-12-21 12:23:30.283root 11241100x8000000000000000661991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.283{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86faffb70543d9322021-12-21 12:23:30.283root 11241100x8000000000000000661992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.283{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9f567972c630182021-12-21 12:23:30.283root 11241100x8000000000000000661993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.283{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb06f149ac9254b2021-12-21 12:23:30.283root 11241100x8000000000000000661994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.283{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4685e4ba9f21e62021-12-21 12:23:30.283root 11241100x8000000000000000661995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.283{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ea27cf41bfea102021-12-21 12:23:30.283root 11241100x8000000000000000661996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95af392fc0c0442a2021-12-21 12:23:30.284root 11241100x8000000000000000661997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9d045f5265d22b2021-12-21 12:23:30.284root 11241100x8000000000000000661998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10027860f9cce9452021-12-21 12:23:30.284root 11241100x8000000000000000661999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222fe86d16e696e02021-12-21 12:23:30.284root 11241100x8000000000000000662000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a36f1ef5c8e04822021-12-21 12:23:30.284root 11241100x8000000000000000662001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8952a8b2c9c89ca72021-12-21 12:23:30.284root 11241100x8000000000000000662002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af1a40e74a08acd2021-12-21 12:23:30.284root 11241100x8000000000000000662003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214f4bc3c5a2bc182021-12-21 12:23:30.284root 11241100x8000000000000000662004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95acc9abebd049e52021-12-21 12:23:30.284root 11241100x8000000000000000662005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2218786ecd6dbd2021-12-21 12:23:30.284root 11241100x8000000000000000662006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.285{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0beee95ce034c5c32021-12-21 12:23:30.285root 11241100x8000000000000000662007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.285{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5a1ac9127e36e82021-12-21 12:23:30.285root 11241100x8000000000000000662008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.285{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a72d2be6e17a222021-12-21 12:23:30.285root 11241100x8000000000000000662009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.285{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c437316825152c082021-12-21 12:23:30.285root 11241100x8000000000000000662010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.285{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db220e014c949de2021-12-21 12:23:30.285root 11241100x8000000000000000662011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.288{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9ec452f1d38a9a2021-12-21 12:23:30.288root 11241100x8000000000000000662012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.289{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aceec4d98acd79e2021-12-21 12:23:30.289root 11241100x8000000000000000662013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.289{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62edf91decdd3c42021-12-21 12:23:30.289root 11241100x8000000000000000662014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.289{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be97810ac886b09a2021-12-21 12:23:30.289root 11241100x8000000000000000662015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.289{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b703f9a0294b5c2021-12-21 12:23:30.289root 11241100x8000000000000000662016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.289{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3700610dbad445552021-12-21 12:23:30.289root 11241100x8000000000000000662017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.289{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f072ee4adf01c22021-12-21 12:23:30.289root 11241100x8000000000000000662018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.289{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b4dad4b1d8922d2021-12-21 12:23:30.289root 11241100x8000000000000000662019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.289{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbddfdfed136a2e2021-12-21 12:23:30.289root 11241100x8000000000000000662020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.289{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec32e8a435229b6b2021-12-21 12:23:30.289root 11241100x8000000000000000662021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.289{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d1aaafbaa3ddeb2021-12-21 12:23:30.289root 11241100x8000000000000000662022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.289{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd611a95e534d0e2021-12-21 12:23:30.289root 11241100x8000000000000000662023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.290{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ca2790cff5f5b82021-12-21 12:23:30.290root 11241100x8000000000000000662024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.290{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da11c9963ce5abeb2021-12-21 12:23:30.290root 11241100x8000000000000000662025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.290{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4e49f10deebc4d2021-12-21 12:23:30.290root 11241100x8000000000000000662026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.290{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e306dc858644bd2021-12-21 12:23:30.290root 11241100x8000000000000000662027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.290{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19301140de03f8e22021-12-21 12:23:30.290root 11241100x8000000000000000662028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.290{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4872a8d0bba5a9c2021-12-21 12:23:30.290root 11241100x8000000000000000662029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.290{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323be981b7c2f0882021-12-21 12:23:30.290root 11241100x8000000000000000662030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.291{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a775703c996ba822021-12-21 12:23:30.291root 11241100x8000000000000000662031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.291{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282cba5de67d1a372021-12-21 12:23:30.291root 11241100x8000000000000000662032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.291{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375b0351f0792ac42021-12-21 12:23:30.291root 11241100x8000000000000000662033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.291{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1199ac5538e158b02021-12-21 12:23:30.291root 11241100x8000000000000000662034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.291{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f49e9e3e330c6f2021-12-21 12:23:30.291root 11241100x8000000000000000662035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.291{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c6c3e85e8ebc7e2021-12-21 12:23:30.291root 11241100x8000000000000000662036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.291{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c808e174c278972021-12-21 12:23:30.291root 11241100x8000000000000000662037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.291{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bc53365205a7ef2021-12-21 12:23:30.291root 11241100x8000000000000000662038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.291{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ac24a8b15af2152021-12-21 12:23:30.291root 11241100x8000000000000000662039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.292{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b522a96086ce47c2021-12-21 12:23:30.292root 11241100x8000000000000000662040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.292{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e05a957f44aa4eb2021-12-21 12:23:30.292root 11241100x8000000000000000662041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.292{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78f352b2aef15e72021-12-21 12:23:30.292root 11241100x8000000000000000662042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aef5f344b38407e2021-12-21 12:23:30.693root 11241100x8000000000000000662043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0241fb72da91952021-12-21 12:23:30.693root 11241100x8000000000000000662044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140b206c105bf6642021-12-21 12:23:30.693root 11241100x8000000000000000662045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35d7ae6cbacf3822021-12-21 12:23:30.693root 11241100x8000000000000000662046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e9626e66ab20002021-12-21 12:23:30.693root 11241100x8000000000000000662047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7e560245908da02021-12-21 12:23:30.693root 11241100x8000000000000000662048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996c28c3aaa4e2572021-12-21 12:23:30.693root 11241100x8000000000000000662049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94618392ad434c232021-12-21 12:23:30.693root 11241100x8000000000000000662050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab4e4f759e7bbfe2021-12-21 12:23:30.693root 11241100x8000000000000000662051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965f5e9e474ad3992021-12-21 12:23:30.693root 11241100x8000000000000000662052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c4b5fa207a673d2021-12-21 12:23:30.694root 11241100x8000000000000000662053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22af26327e35f6a2021-12-21 12:23:30.694root 11241100x8000000000000000662054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f8cb7f1f4c68b12021-12-21 12:23:30.694root 11241100x8000000000000000662055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eda9f4e9d5ffa852021-12-21 12:23:30.694root 11241100x8000000000000000662056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2520de01a836202021-12-21 12:23:30.694root 11241100x8000000000000000662057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf0d70aef3aace62021-12-21 12:23:30.694root 11241100x8000000000000000662058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433f330d62e553112021-12-21 12:23:30.694root 11241100x8000000000000000662059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b49e08c58021ab42021-12-21 12:23:30.694root 11241100x8000000000000000662060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b639a4bfad7afb2021-12-21 12:23:30.694root 11241100x8000000000000000662061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bf68c6530cef482021-12-21 12:23:30.694root 11241100x8000000000000000662062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4856975e60cf54c12021-12-21 12:23:30.695root 11241100x8000000000000000662063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073a1c59a95ce7b82021-12-21 12:23:30.695root 11241100x8000000000000000662064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1114e20caf080bf2021-12-21 12:23:30.695root 11241100x8000000000000000662065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088e77f1882b46182021-12-21 12:23:30.695root 11241100x8000000000000000662066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8942694cfbb5741b2021-12-21 12:23:30.695root 11241100x8000000000000000662067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94feb5bdaf9dd592021-12-21 12:23:30.695root 11241100x8000000000000000662068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0082f128df8fddd52021-12-21 12:23:30.695root 11241100x8000000000000000662069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad625abad63c4d5d2021-12-21 12:23:30.695root 11241100x8000000000000000662070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d7239787bebd882021-12-21 12:23:30.695root 11241100x8000000000000000662071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cdcc0679b000ae2021-12-21 12:23:30.696root 11241100x8000000000000000662072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56760a69ff0be642021-12-21 12:23:30.696root 11241100x8000000000000000662073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7c8f9a41c443162021-12-21 12:23:30.696root 11241100x8000000000000000662074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff2d96e8906fd402021-12-21 12:23:30.696root 11241100x8000000000000000662075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d593b3b7301b60872021-12-21 12:23:30.696root 11241100x8000000000000000662076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c26a69a3edca0d72021-12-21 12:23:30.696root 11241100x8000000000000000662077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346b21bd304e0a4a2021-12-21 12:23:30.696root 11241100x8000000000000000662078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42733f2ca3883c1e2021-12-21 12:23:30.696root 11241100x8000000000000000662079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b9d9413fd4fe5b2021-12-21 12:23:30.696root 11241100x8000000000000000662080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722c7fb452a7639e2021-12-21 12:23:30.696root 11241100x8000000000000000662081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01589c166cae59672021-12-21 12:23:30.697root 11241100x8000000000000000662082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61118d41feab0812021-12-21 12:23:30.697root 11241100x8000000000000000662083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f86c8be4de8c21b2021-12-21 12:23:30.697root 11241100x8000000000000000662084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdff29372904c6b2021-12-21 12:23:30.697root 11241100x8000000000000000662085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be29aaa2205c3be2021-12-21 12:23:30.697root 11241100x8000000000000000662086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735171eb287ba49f2021-12-21 12:23:30.697root 11241100x8000000000000000662087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2632add40c8d8d42021-12-21 12:23:30.697root 11241100x8000000000000000662088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9654a7786e95306e2021-12-21 12:23:30.697root 11241100x8000000000000000662089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d236d04f84e5e42021-12-21 12:23:30.697root 11241100x8000000000000000662090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60ce9132e27a8222021-12-21 12:23:30.697root 11241100x8000000000000000662091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62aea4b82c4d4be2021-12-21 12:23:30.698root 11241100x8000000000000000662092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8149937fd0aba152021-12-21 12:23:30.698root 11241100x8000000000000000662093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af8338d1bc41e9d2021-12-21 12:23:30.698root 11241100x8000000000000000662094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba4807bca0d2bb62021-12-21 12:23:30.698root 11241100x8000000000000000662095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77be9b109ea046522021-12-21 12:23:30.698root 11241100x8000000000000000662096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0dc4cfb930dbd2c2021-12-21 12:23:30.698root 11241100x8000000000000000662097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76fe6222080707a2021-12-21 12:23:30.698root 11241100x8000000000000000662098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cd619f47ca6a422021-12-21 12:23:30.698root 11241100x8000000000000000662099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254c01b27119b6bd2021-12-21 12:23:30.698root 11241100x8000000000000000662100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ff628dc47c0b442021-12-21 12:23:30.699root 11241100x8000000000000000662101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcb43b06b7c22142021-12-21 12:23:30.699root 11241100x8000000000000000662102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814bf770bece02572021-12-21 12:23:30.699root 11241100x8000000000000000662103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c828de1d5bb96a32021-12-21 12:23:30.699root 11241100x8000000000000000662104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c63577cf999b1c52021-12-21 12:23:30.699root 11241100x8000000000000000662105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7153eb4d7b13fb2021-12-21 12:23:30.699root 11241100x8000000000000000662106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f6c50f85931e262021-12-21 12:23:30.699root 11241100x8000000000000000662107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97e13ca0048f6362021-12-21 12:23:30.699root 11241100x8000000000000000662108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34998c03a195e9c12021-12-21 12:23:30.699root 11241100x8000000000000000662109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2373ed576dfe82fa2021-12-21 12:23:30.700root 11241100x8000000000000000662110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88549e0b5cbd98c22021-12-21 12:23:30.700root 11241100x8000000000000000662111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e48c2a68beda4c2021-12-21 12:23:30.700root 11241100x8000000000000000662112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e39b5ea3ef29e72021-12-21 12:23:30.700root 11241100x8000000000000000662113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fe28cf95d8d5ed2021-12-21 12:23:30.700root 11241100x8000000000000000662114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54192a5efa7b5ae12021-12-21 12:23:30.700root 11241100x8000000000000000662115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb5260633bf3e7f2021-12-21 12:23:30.700root 11241100x8000000000000000662116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e1170b9bdf49542021-12-21 12:23:30.700root 11241100x8000000000000000662117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8fba24370b11d22021-12-21 12:23:30.700root 11241100x8000000000000000662118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63539565e3eeb5252021-12-21 12:23:30.701root 11241100x8000000000000000662119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab58d63a61181d22021-12-21 12:23:30.702root 11241100x8000000000000000662120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a2d7f33d35392f2021-12-21 12:23:30.702root 11241100x8000000000000000662121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613b9d4f8b9a7d1b2021-12-21 12:23:30.702root 11241100x8000000000000000662122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1174cc78b7eb05b52021-12-21 12:23:30.702root 11241100x8000000000000000662123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689e7580ee9b9c0b2021-12-21 12:23:30.702root 11241100x8000000000000000662124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698bd351732c99f62021-12-21 12:23:30.702root 11241100x8000000000000000662125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d9d1f0f616bd532021-12-21 12:23:30.703root 11241100x8000000000000000662126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bb4b977cb5fa9c2021-12-21 12:23:30.703root 11241100x8000000000000000662127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a085d42e188ad0082021-12-21 12:23:30.703root 11241100x8000000000000000662128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fb07e5ebd130182021-12-21 12:23:30.703root 11241100x8000000000000000662129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a374a0d72785e44e2021-12-21 12:23:30.703root 11241100x8000000000000000662130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1cc24eafac6d362021-12-21 12:23:30.703root 11241100x8000000000000000662131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb017757c79dc1302021-12-21 12:23:30.704root 11241100x8000000000000000662132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9dd86dcde3f3b92021-12-21 12:23:30.704root 11241100x8000000000000000662133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff69c6256a936eb72021-12-21 12:23:30.704root 11241100x8000000000000000662134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:30.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58cdf5533a283982021-12-21 12:23:30.704root 11241100x8000000000000000662135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ec988e73fe6d312021-12-21 12:23:31.193root 11241100x8000000000000000662136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a84f656616ba81a2021-12-21 12:23:31.193root 11241100x8000000000000000662137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50a7ec0f939e6112021-12-21 12:23:31.193root 11241100x8000000000000000662138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4c74dab432f5552021-12-21 12:23:31.193root 11241100x8000000000000000662139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d71d4e3566d30f2021-12-21 12:23:31.193root 354300x8000000000000000662140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.193{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49920-false10.0.1.12-8000- 11241100x8000000000000000662141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bc038c996b61bb2021-12-21 12:23:31.194root 11241100x8000000000000000662142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03104e4973fd67c2021-12-21 12:23:31.194root 11241100x8000000000000000662143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a1f416d2fbfb932021-12-21 12:23:31.194root 11241100x8000000000000000662144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfc08e1b355c5e32021-12-21 12:23:31.194root 11241100x8000000000000000662145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e4efcaef78a6512021-12-21 12:23:31.194root 11241100x8000000000000000662146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0065961a1198742a2021-12-21 12:23:31.194root 11241100x8000000000000000662147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f184cd4023a2ae8e2021-12-21 12:23:31.194root 11241100x8000000000000000662148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35aa721f9b2b3e702021-12-21 12:23:31.194root 11241100x8000000000000000662149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b0faeee896f3b72021-12-21 12:23:31.194root 11241100x8000000000000000662150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6abf8355df38f22f2021-12-21 12:23:31.194root 11241100x8000000000000000662151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ff130e4ee9377b2021-12-21 12:23:31.194root 11241100x8000000000000000662152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52df0c278cf30c512021-12-21 12:23:31.194root 11241100x8000000000000000662153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae7ec4df2b411fe2021-12-21 12:23:31.194root 11241100x8000000000000000662154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adbce69451787a82021-12-21 12:23:31.194root 11241100x8000000000000000662155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e715eb22b969d642021-12-21 12:23:31.194root 11241100x8000000000000000662156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda7ba6c618e795b2021-12-21 12:23:31.195root 11241100x8000000000000000662157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfce2bd6d8fa8502021-12-21 12:23:31.195root 11241100x8000000000000000662158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059607318f27e1c92021-12-21 12:23:31.195root 11241100x8000000000000000662159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee9b4bb649c63f32021-12-21 12:23:31.195root 11241100x8000000000000000662160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7092c4f600cc7a332021-12-21 12:23:31.195root 11241100x8000000000000000662161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131d693337c7d03a2021-12-21 12:23:31.195root 11241100x8000000000000000662162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9565adc2115dbf32021-12-21 12:23:31.195root 11241100x8000000000000000662163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6593e57ebd16647d2021-12-21 12:23:31.195root 11241100x8000000000000000662164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd96dabe1ea5ec02021-12-21 12:23:31.195root 11241100x8000000000000000662165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca251618d00372542021-12-21 12:23:31.195root 11241100x8000000000000000662166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a240dbcd2a3b43e02021-12-21 12:23:31.195root 11241100x8000000000000000662167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb0ee92177b47162021-12-21 12:23:31.195root 11241100x8000000000000000662168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f369756a9e6781f2021-12-21 12:23:31.195root 11241100x8000000000000000662169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b47e7c868a432b2021-12-21 12:23:31.195root 11241100x8000000000000000662170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b59570a87a313f72021-12-21 12:23:31.195root 11241100x8000000000000000662171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d464bcd6cd4cd22021-12-21 12:23:31.196root 11241100x8000000000000000662172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d5546adc7408b92021-12-21 12:23:31.196root 11241100x8000000000000000662173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59f5e68ce5966062021-12-21 12:23:31.196root 11241100x8000000000000000662174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df3e1040afcd4f92021-12-21 12:23:31.196root 11241100x8000000000000000662175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3aa0e85eb2fad302021-12-21 12:23:31.196root 11241100x8000000000000000662176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ba1781a5e18d102021-12-21 12:23:31.196root 11241100x8000000000000000662177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d767c739083f0fa2021-12-21 12:23:31.196root 11241100x8000000000000000662178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b94cf512e0cc68b2021-12-21 12:23:31.196root 11241100x8000000000000000662179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3889997a32fb4d42021-12-21 12:23:31.196root 11241100x8000000000000000662180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd17f7a984f5f0f2021-12-21 12:23:31.196root 11241100x8000000000000000662181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce9aa9d883b71c92021-12-21 12:23:31.199root 11241100x8000000000000000662182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86220b358f3ed4f02021-12-21 12:23:31.199root 11241100x8000000000000000662183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12739c76f3b4bc1b2021-12-21 12:23:31.199root 11241100x8000000000000000662184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30bb7ea9c4493a22021-12-21 12:23:31.200root 11241100x8000000000000000662185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce330e960efee15d2021-12-21 12:23:31.200root 11241100x8000000000000000662186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1789c641f5bbb7f2021-12-21 12:23:31.200root 11241100x8000000000000000662187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a943c6e61fbca842021-12-21 12:23:31.200root 11241100x8000000000000000662188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3dc4e986b6587132021-12-21 12:23:31.201root 11241100x8000000000000000662189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6939de738dd25be2021-12-21 12:23:31.201root 11241100x8000000000000000662190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970febb89d53e6232021-12-21 12:23:31.201root 11241100x8000000000000000662191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50aadc00377bb1732021-12-21 12:23:31.201root 11241100x8000000000000000662192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976d5e34a424fc112021-12-21 12:23:31.201root 11241100x8000000000000000662193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1db402bd7692b42021-12-21 12:23:31.201root 11241100x8000000000000000662194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9bb42336d7382a2021-12-21 12:23:31.201root 11241100x8000000000000000662195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706d4f7b3a284e2d2021-12-21 12:23:31.201root 11241100x8000000000000000662196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65e11dd02ddd9e62021-12-21 12:23:31.201root 11241100x8000000000000000662197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8392673f2380c612021-12-21 12:23:31.203root 11241100x8000000000000000662198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bdb484bee5d5862021-12-21 12:23:31.203root 11241100x8000000000000000662199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e384d073f29adb142021-12-21 12:23:31.203root 11241100x8000000000000000662200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfae3c4969a024e2021-12-21 12:23:31.204root 11241100x8000000000000000662201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3952cac83aad7b62021-12-21 12:23:31.204root 11241100x8000000000000000662202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6350801fbf40cec62021-12-21 12:23:31.204root 11241100x8000000000000000662203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f9eb64001aa26c2021-12-21 12:23:31.204root 11241100x8000000000000000662204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b4bca288d6c8502021-12-21 12:23:31.204root 11241100x8000000000000000662205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ae20140418600d2021-12-21 12:23:31.204root 11241100x8000000000000000662206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7dd539cfa84d482021-12-21 12:23:31.204root 11241100x8000000000000000662207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a28ed67d6c2d2542021-12-21 12:23:31.204root 11241100x8000000000000000662208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6acaedf9edd9272021-12-21 12:23:31.204root 11241100x8000000000000000662209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ca498329aed7fa2021-12-21 12:23:31.204root 11241100x8000000000000000662210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43ef414db8e68132021-12-21 12:23:31.204root 11241100x8000000000000000662211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44d84ddc38f77b72021-12-21 12:23:31.206root 11241100x8000000000000000662212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037e098e52955f1c2021-12-21 12:23:31.206root 11241100x8000000000000000662213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d32fdc333116382021-12-21 12:23:31.206root 11241100x8000000000000000662214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb66a5b3edb773c2021-12-21 12:23:31.207root 11241100x8000000000000000662215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae9cb2b56c827f62021-12-21 12:23:31.207root 11241100x8000000000000000662216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6ac92d9e91133e2021-12-21 12:23:31.207root 11241100x8000000000000000662217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0a3cd536bcd7962021-12-21 12:23:31.207root 11241100x8000000000000000662218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8538c997ddf8f80f2021-12-21 12:23:31.207root 11241100x8000000000000000662219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0ebf02a960b2062021-12-21 12:23:31.207root 11241100x8000000000000000662220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74cd1cfa9895c7e2021-12-21 12:23:31.207root 11241100x8000000000000000662221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c246c4857a3af13e2021-12-21 12:23:31.208root 11241100x8000000000000000662222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64be8f2c7c329e52021-12-21 12:23:31.208root 11241100x8000000000000000662223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bca5a0887851df52021-12-21 12:23:31.208root 11241100x8000000000000000662224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d45e6fd5d105cf02021-12-21 12:23:31.208root 11241100x8000000000000000662225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251c99d91f7fd5f72021-12-21 12:23:31.208root 11241100x8000000000000000662226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc783541e9ab6d82021-12-21 12:23:31.208root 11241100x8000000000000000662227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2519c5ff5e79e72021-12-21 12:23:31.208root 11241100x8000000000000000662228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f98bf3522671b92021-12-21 12:23:31.208root 11241100x8000000000000000662229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e389c793bd93c532021-12-21 12:23:31.209root 11241100x8000000000000000662230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad80e3900af984002021-12-21 12:23:31.209root 11241100x8000000000000000662231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb0f6545a835c132021-12-21 12:23:31.209root 11241100x8000000000000000662232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6dccbd7f3982b72021-12-21 12:23:31.209root 11241100x8000000000000000662233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d72fcb8c0d7ea7b2021-12-21 12:23:31.209root 11241100x8000000000000000662234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a3bb415d86fa362021-12-21 12:23:31.209root 11241100x8000000000000000662235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74c55674231c1672021-12-21 12:23:31.209root 11241100x8000000000000000662236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de73d6584f172be2021-12-21 12:23:31.209root 11241100x8000000000000000662237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1949d231705dd8202021-12-21 12:23:31.209root 11241100x8000000000000000662238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:31.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92199051a83e801e2021-12-21 12:23:31.209root 354300x8000000000000000662327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:53.144{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49928-false10.0.1.12-8000- 11241100x8000000000000000662328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:53.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b09c91a27e72822021-12-21 12:23:53.442root 11241100x8000000000000000662329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:53.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cae613dfa5b372b2021-12-21 12:23:53.942root 11241100x8000000000000000662330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:54.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc31ed5e3f680752021-12-21 12:23:54.442root 11241100x8000000000000000662331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:54.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837a4bfbad882b152021-12-21 12:23:54.942root 11241100x8000000000000000662332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:55.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b1ecc0bdcaa3b72021-12-21 12:23:55.442root 11241100x8000000000000000662333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:55.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bda47164075b8262021-12-21 12:23:55.942root 11241100x8000000000000000662334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:56.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc10e0f6291141ac2021-12-21 12:23:56.442root 11241100x8000000000000000662335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:56.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d87f525b7f04f72021-12-21 12:23:56.942root 11241100x8000000000000000662336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:57.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fea31bef4a336642021-12-21 12:23:57.442root 11241100x8000000000000000662337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:57.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927eacdc96f59ba12021-12-21 12:23:57.942root 11241100x8000000000000000662338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:58.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce75b2cc321aa6c2021-12-21 12:23:58.442root 11241100x8000000000000000662339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65afe4c4165f550a2021-12-21 12:23:58.943root 354300x8000000000000000662340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:59.054{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49930-false10.0.1.12-8000- 11241100x8000000000000000662341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:59.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe95c2cd56736df82021-12-21 12:23:59.442root 11241100x8000000000000000662342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8934aed15314e602021-12-21 12:23:59.443root 11241100x8000000000000000662343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:59.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53934af4205f218e2021-12-21 12:23:59.942root 11241100x8000000000000000662344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:23:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32904fdc4e082152021-12-21 12:23:59.943root 11241100x8000000000000000662345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:00.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767f01f46e75b4292021-12-21 12:24:00.442root 11241100x8000000000000000662346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c669ebac614e6bcf2021-12-21 12:24:00.443root 11241100x8000000000000000662347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:00.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2021f3e1c368e0f2021-12-21 12:24:00.942root 11241100x8000000000000000662348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d2852b321f23fd2021-12-21 12:24:00.943root 11241100x8000000000000000662349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:01.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9d276cbeab048f2021-12-21 12:24:01.442root 11241100x8000000000000000662350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402f7f4411b61f2a2021-12-21 12:24:01.443root 11241100x8000000000000000662351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:01.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc8284fc89f4a662021-12-21 12:24:01.942root 11241100x8000000000000000662352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f57f31812d1c4a2021-12-21 12:24:01.943root 11241100x8000000000000000662353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:02.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aab5d51850d14b12021-12-21 12:24:02.442root 11241100x8000000000000000662354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:02.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd6fe8afd91c3822021-12-21 12:24:02.442root 11241100x8000000000000000662355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:02.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06e38121fca42762021-12-21 12:24:02.942root 11241100x8000000000000000662356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:02.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea4d251d8a78d742021-12-21 12:24:02.942root 11241100x8000000000000000662357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:03.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642a1f2d71224f172021-12-21 12:24:03.442root 11241100x8000000000000000662358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:03.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b49b8a85577926f2021-12-21 12:24:03.442root 11241100x8000000000000000662359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:03.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf771a1e4178c462021-12-21 12:24:03.942root 11241100x8000000000000000662360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:03.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c13258c3c92a8e42021-12-21 12:24:03.942root 354300x8000000000000000662361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:04.165{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49932-false10.0.1.12-8000- 11241100x8000000000000000662362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:04.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e603426b3d517fa42021-12-21 12:24:04.442root 11241100x8000000000000000662363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ac9366f383f4b92021-12-21 12:24:04.443root 11241100x8000000000000000662364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0601cae2dd3b27442021-12-21 12:24:04.443root 11241100x8000000000000000662365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:04.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c42ba5043f8a1f12021-12-21 12:24:04.942root 11241100x8000000000000000662366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5df50bc06e29d62021-12-21 12:24:04.943root 11241100x8000000000000000662367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eace9217354b0912021-12-21 12:24:04.943root 11241100x8000000000000000662368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:05.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992de0e1cbf704c32021-12-21 12:24:05.442root 11241100x8000000000000000662369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbff30cd82e607892021-12-21 12:24:05.443root 11241100x8000000000000000662370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738c5be0e340e6052021-12-21 12:24:05.443root 11241100x8000000000000000662371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:05.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e64480eceac14562021-12-21 12:24:05.942root 11241100x8000000000000000662372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f5449f3fb647832021-12-21 12:24:05.943root 11241100x8000000000000000662373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf18c1d22d66fd432021-12-21 12:24:05.943root 11241100x8000000000000000662374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:06.141{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 12:24:06.141root 11241100x8000000000000000662375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:06.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e338558e57b3a6182021-12-21 12:24:06.442root 11241100x8000000000000000662376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4018fabca516a9f2021-12-21 12:24:06.443root 11241100x8000000000000000662377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e294f28631202042021-12-21 12:24:06.443root 11241100x8000000000000000662378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4122c746cb5ad11a2021-12-21 12:24:06.443root 11241100x8000000000000000662379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:06.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e6009b8657f3622021-12-21 12:24:06.942root 11241100x8000000000000000662380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760e3822541c44c32021-12-21 12:24:06.943root 11241100x8000000000000000662381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a1f7696b7043e72021-12-21 12:24:06.943root 11241100x8000000000000000662382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8758461d7a526deb2021-12-21 12:24:06.943root 11241100x8000000000000000662383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:07.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa76fdf7abebd0c2021-12-21 12:24:07.442root 11241100x8000000000000000662384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125b0808102b08d72021-12-21 12:24:07.443root 11241100x8000000000000000662385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8473655aa0a2ff152021-12-21 12:24:07.443root 11241100x8000000000000000662386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609a23ea60e189cf2021-12-21 12:24:07.443root 11241100x8000000000000000662387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:07.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da81fccb85fef6732021-12-21 12:24:07.942root 11241100x8000000000000000662388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c06ba0771e583152021-12-21 12:24:07.943root 11241100x8000000000000000662389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e5cc1f36976d8a2021-12-21 12:24:07.943root 11241100x8000000000000000662390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ee5390be18b4f42021-12-21 12:24:07.943root 11241100x8000000000000000662391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:08.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de67fca66f42d982021-12-21 12:24:08.442root 11241100x8000000000000000662392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9951faf6021b6502021-12-21 12:24:08.443root 11241100x8000000000000000662393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acd19e4dd1dcd2d2021-12-21 12:24:08.443root 11241100x8000000000000000662394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ba2b5d0787baba2021-12-21 12:24:08.443root 11241100x8000000000000000662395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:08.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7eaffe6df598cf82021-12-21 12:24:08.942root 11241100x8000000000000000662396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259b686eed038f3e2021-12-21 12:24:08.943root 11241100x8000000000000000662397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c33aef3b1fa4272021-12-21 12:24:08.943root 11241100x8000000000000000662398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c572baf2472fea2021-12-21 12:24:08.943root 23542300x8000000000000000662399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:09.142{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000662400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:09.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9659e7ef473891402021-12-21 12:24:09.442root 11241100x8000000000000000662401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadb06dca72dc0d42021-12-21 12:24:09.443root 11241100x8000000000000000662402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ba3ad4f37981c52021-12-21 12:24:09.443root 11241100x8000000000000000662403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00886a5d827ceb42021-12-21 12:24:09.443root 11241100x8000000000000000662404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96d5c04edffccb32021-12-21 12:24:09.443root 11241100x8000000000000000662405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9ab47e1294a7752021-12-21 12:24:09.943root 11241100x8000000000000000662406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07555ecb373e3792021-12-21 12:24:09.943root 11241100x8000000000000000662407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eea0e5284158cf52021-12-21 12:24:09.943root 11241100x8000000000000000662408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f98c9c92732b582021-12-21 12:24:09.943root 11241100x8000000000000000662409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d5540a58e8cc042021-12-21 12:24:09.943root 354300x8000000000000000662410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:10.157{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49934-false10.0.1.12-8000- 11241100x8000000000000000662411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1836dcc917898c742021-12-21 12:24:10.443root 11241100x8000000000000000662412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894573f37ca8fcd72021-12-21 12:24:10.443root 11241100x8000000000000000662413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edce02a8623fcbfe2021-12-21 12:24:10.443root 11241100x8000000000000000662414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eefd89a5de9324a2021-12-21 12:24:10.443root 11241100x8000000000000000662415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc47835d0e207b92021-12-21 12:24:10.443root 11241100x8000000000000000662416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31257283975fa8842021-12-21 12:24:10.443root 11241100x8000000000000000662417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e53f43e1f572502021-12-21 12:24:10.943root 11241100x8000000000000000662418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6654717dec3da12021-12-21 12:24:10.943root 11241100x8000000000000000662419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b902d60ea006860a2021-12-21 12:24:10.943root 11241100x8000000000000000662420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa563ff4e917934b2021-12-21 12:24:10.943root 11241100x8000000000000000662421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0023e7e1bfee2a832021-12-21 12:24:10.943root 11241100x8000000000000000662422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6c5a11f9c910e82021-12-21 12:24:10.943root 11241100x8000000000000000662423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0990cc2913ba33492021-12-21 12:24:11.443root 11241100x8000000000000000662424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cae2e50a687eb72021-12-21 12:24:11.443root 11241100x8000000000000000662425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a274da3ec936dc2021-12-21 12:24:11.443root 11241100x8000000000000000662426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea63a9e7c5fd9a792021-12-21 12:24:11.443root 11241100x8000000000000000662427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1170243e7e0652ae2021-12-21 12:24:11.443root 11241100x8000000000000000662428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f002350fce82f532021-12-21 12:24:11.443root 11241100x8000000000000000662429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b68c7b99f8257b2021-12-21 12:24:11.943root 11241100x8000000000000000662430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08586d2582deedba2021-12-21 12:24:11.943root 11241100x8000000000000000662431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb28b702eba4d63c2021-12-21 12:24:11.943root 11241100x8000000000000000662432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504442599f50a9962021-12-21 12:24:11.943root 11241100x8000000000000000662433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0164a9dbe063172021-12-21 12:24:11.943root 11241100x8000000000000000662434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab0ee495838e83b2021-12-21 12:24:11.943root 11241100x8000000000000000662435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c0f7c3fb376e502021-12-21 12:24:12.443root 11241100x8000000000000000662436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bf228ac23198332021-12-21 12:24:12.443root 11241100x8000000000000000662437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f27c5894f7329e62021-12-21 12:24:12.443root 11241100x8000000000000000662438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ce975b99eb7f8e2021-12-21 12:24:12.443root 11241100x8000000000000000662439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8204a96bd4384d372021-12-21 12:24:12.443root 11241100x8000000000000000662440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccc67a8e3cf77442021-12-21 12:24:12.443root 154100x8000000000000000662441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:12.664{ec2b6afe-c76c-61c1-68a4-0c99d4550000}10110/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000662442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:12.674{ec2b6afe-c76c-61c1-68a4-0c99d4550000}10110/bin/psroot 11241100x8000000000000000662443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d67580b8acc8652021-12-21 12:24:12.943root 11241100x8000000000000000662444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ac76d8789ed8f42021-12-21 12:24:12.943root 11241100x8000000000000000662445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362884e463202f982021-12-21 12:24:12.943root 11241100x8000000000000000662446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be47df6a1a09770f2021-12-21 12:24:12.943root 11241100x8000000000000000662447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3cb48ead4a20672021-12-21 12:24:12.943root 11241100x8000000000000000662448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787656cba4d5ac852021-12-21 12:24:12.943root 11241100x8000000000000000662449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ef1f7a59144a4f2021-12-21 12:24:12.944root 11241100x8000000000000000662450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae5a9f4c41701352021-12-21 12:24:12.944root 11241100x8000000000000000662451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9acf873029549742021-12-21 12:24:13.443root 11241100x8000000000000000662452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99d2f50498b70e22021-12-21 12:24:13.443root 11241100x8000000000000000662453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9588004b3b082c582021-12-21 12:24:13.443root 11241100x8000000000000000662454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b47c7c7f0c8c65a2021-12-21 12:24:13.443root 11241100x8000000000000000662455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410b2651356f26a82021-12-21 12:24:13.443root 11241100x8000000000000000662456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c152e87820a437312021-12-21 12:24:13.443root 11241100x8000000000000000662457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d5fbb928f97cff2021-12-21 12:24:13.443root 11241100x8000000000000000662458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d9463654be6b062021-12-21 12:24:13.443root 11241100x8000000000000000662459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70ff95a3f4c9b082021-12-21 12:24:13.943root 11241100x8000000000000000662460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf3a1fd5ab298ed2021-12-21 12:24:13.943root 11241100x8000000000000000662461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3911001b027629232021-12-21 12:24:13.943root 11241100x8000000000000000662462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea4d03d450ad80c2021-12-21 12:24:13.943root 11241100x8000000000000000662463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064f7e2feef7600f2021-12-21 12:24:13.943root 11241100x8000000000000000662464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2447ca2734b783952021-12-21 12:24:13.943root 11241100x8000000000000000662465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cc3735e1a3b83a2021-12-21 12:24:13.943root 11241100x8000000000000000662466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b364f9eb483ebe4c2021-12-21 12:24:13.943root 11241100x8000000000000000662467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4232e322be842702021-12-21 12:24:14.443root 11241100x8000000000000000662468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f530cf2ed0d852e2021-12-21 12:24:14.443root 11241100x8000000000000000662469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc35e565a4a3371a2021-12-21 12:24:14.443root 11241100x8000000000000000662470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3e90c0b05198c32021-12-21 12:24:14.443root 11241100x8000000000000000662471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d14c24e4aed6322021-12-21 12:24:14.443root 11241100x8000000000000000662472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97c7d2a1aba77682021-12-21 12:24:14.443root 11241100x8000000000000000662473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec32a82b74e9f8e52021-12-21 12:24:14.443root 11241100x8000000000000000662474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e4eb51b14823432021-12-21 12:24:14.443root 11241100x8000000000000000662475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f16e6fbb63edb02021-12-21 12:24:14.943root 11241100x8000000000000000662476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2797792207f4e84e2021-12-21 12:24:14.943root 11241100x8000000000000000662477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93591b3d591045352021-12-21 12:24:14.943root 11241100x8000000000000000662478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413a6fee934567fb2021-12-21 12:24:14.943root 11241100x8000000000000000662479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4a206c229384932021-12-21 12:24:14.943root 11241100x8000000000000000662480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3386cd4a6bb9ef7b2021-12-21 12:24:14.943root 11241100x8000000000000000662481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4779fa6f75c6a5282021-12-21 12:24:14.943root 11241100x8000000000000000662482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4823d2f7a18e322021-12-21 12:24:14.944root 11241100x8000000000000000662483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0421f0f9b1b15922021-12-21 12:24:15.443root 11241100x8000000000000000662484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41dd341acb005b82021-12-21 12:24:15.443root 11241100x8000000000000000662485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb396043e7949afd2021-12-21 12:24:15.443root 11241100x8000000000000000662486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e0bf97603129ea2021-12-21 12:24:15.443root 11241100x8000000000000000662487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1245a212e6eb39ce2021-12-21 12:24:15.443root 11241100x8000000000000000662488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120f4fc43e13696d2021-12-21 12:24:15.443root 11241100x8000000000000000662489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3f52a665cb2bb12021-12-21 12:24:15.443root 11241100x8000000000000000662490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77281bfd47563fe72021-12-21 12:24:15.443root 11241100x8000000000000000662491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a816fc49ce88496b2021-12-21 12:24:15.943root 11241100x8000000000000000662492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2b8036978412182021-12-21 12:24:15.943root 11241100x8000000000000000662493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2541b67b7b8ec82021-12-21 12:24:15.943root 11241100x8000000000000000662494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd565e2e005410ef2021-12-21 12:24:15.943root 11241100x8000000000000000662495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2071c3f572109e632021-12-21 12:24:15.943root 11241100x8000000000000000662496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517fed38f36b56c72021-12-21 12:24:15.943root 11241100x8000000000000000662497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde4705c07c365782021-12-21 12:24:15.943root 11241100x8000000000000000662498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa8e1be8d4130e52021-12-21 12:24:15.943root 354300x8000000000000000662499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.100{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49936-false10.0.1.12-8000- 11241100x8000000000000000662500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2682c0b8c88b22dc2021-12-21 12:24:16.443root 11241100x8000000000000000662501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c310d9bd7b6d712021-12-21 12:24:16.443root 11241100x8000000000000000662502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8fb755cfff896c2021-12-21 12:24:16.443root 11241100x8000000000000000662503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685347d3b527c2092021-12-21 12:24:16.444root 11241100x8000000000000000662504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279b07270e01ca272021-12-21 12:24:16.444root 11241100x8000000000000000662505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02531c7da7eb6bec2021-12-21 12:24:16.444root 11241100x8000000000000000662506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e981b1f607703d22021-12-21 12:24:16.444root 11241100x8000000000000000662507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2544d6a5fc38ca12021-12-21 12:24:16.444root 11241100x8000000000000000662508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d921d73b0c2b71ef2021-12-21 12:24:16.444root 11241100x8000000000000000662509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e073e85728f9fe02021-12-21 12:24:16.943root 11241100x8000000000000000662510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b070db7d7cd2ff772021-12-21 12:24:16.943root 11241100x8000000000000000662511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37defaa6cca8439a2021-12-21 12:24:16.943root 11241100x8000000000000000662512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e223cc7d665474f2021-12-21 12:24:16.943root 11241100x8000000000000000662513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cb72ffed48f25d2021-12-21 12:24:16.943root 11241100x8000000000000000662514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68263a2cf99d5852021-12-21 12:24:16.943root 11241100x8000000000000000662515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008a18e62a9fd69b2021-12-21 12:24:16.943root 11241100x8000000000000000662516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937e9910a21fc0a72021-12-21 12:24:16.943root 11241100x8000000000000000662517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79a8668c3751ba82021-12-21 12:24:16.943root 11241100x8000000000000000662518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c9ac8f8ad49d072021-12-21 12:24:17.443root 11241100x8000000000000000662519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfc43eb46acff152021-12-21 12:24:17.443root 11241100x8000000000000000662520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db0d04a07f83d212021-12-21 12:24:17.443root 11241100x8000000000000000662521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5930bbc263fbbb2021-12-21 12:24:17.443root 11241100x8000000000000000662522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97162048d86b4e282021-12-21 12:24:17.443root 11241100x8000000000000000662523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db849b0c0cce6fe52021-12-21 12:24:17.443root 11241100x8000000000000000662524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2420362e05d5c602021-12-21 12:24:17.443root 11241100x8000000000000000662525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e48a432e52b0b972021-12-21 12:24:17.444root 11241100x8000000000000000662526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621563ea9223f5982021-12-21 12:24:17.444root 11241100x8000000000000000662527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339f0e66c6c3a37e2021-12-21 12:24:17.943root 11241100x8000000000000000662528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9644a127b6bb5db92021-12-21 12:24:17.943root 11241100x8000000000000000662529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae58673611e5659d2021-12-21 12:24:17.943root 11241100x8000000000000000662530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0f2a6b42be3fdb2021-12-21 12:24:17.943root 11241100x8000000000000000662531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb554a7ef3593232021-12-21 12:24:17.943root 11241100x8000000000000000662532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c2ceef0a67ede42021-12-21 12:24:17.943root 11241100x8000000000000000662533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90bda483e3c330e2021-12-21 12:24:17.943root 11241100x8000000000000000662534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75c6a123e8727a42021-12-21 12:24:17.943root 11241100x8000000000000000662535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a667fc73004ba3d12021-12-21 12:24:17.943root 11241100x8000000000000000662536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f46c72c6e5402c2021-12-21 12:24:18.443root 11241100x8000000000000000662537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a3f77f4e9aa6ae2021-12-21 12:24:18.443root 11241100x8000000000000000662538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8dd9a77fbb46352021-12-21 12:24:18.443root 11241100x8000000000000000662539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f6a824456764862021-12-21 12:24:18.443root 11241100x8000000000000000662540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7b0e453572f5eb2021-12-21 12:24:18.443root 11241100x8000000000000000662541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884db39cff7434b82021-12-21 12:24:18.443root 11241100x8000000000000000662542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94effa03f7ffa2762021-12-21 12:24:18.443root 11241100x8000000000000000662543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0362c442a57a29ed2021-12-21 12:24:18.443root 11241100x8000000000000000662544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9faa84ef9563a72021-12-21 12:24:18.444root 11241100x8000000000000000662545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658d3dc940a674302021-12-21 12:24:18.943root 11241100x8000000000000000662546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efb8322918845702021-12-21 12:24:18.943root 11241100x8000000000000000662547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a81f1306a25bc282021-12-21 12:24:18.943root 11241100x8000000000000000662548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f65e6a781ced2512021-12-21 12:24:18.945root 11241100x8000000000000000662549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9bdd70f8fbe94c2021-12-21 12:24:18.945root 11241100x8000000000000000662550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85be08387e1d5a852021-12-21 12:24:18.945root 11241100x8000000000000000662551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc06f3f7d0fb71cc2021-12-21 12:24:18.945root 11241100x8000000000000000662552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cf47c4550de04e2021-12-21 12:24:18.945root 11241100x8000000000000000662553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c955557a31dc0a2021-12-21 12:24:18.945root 11241100x8000000000000000662554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c574eaf62fd388a62021-12-21 12:24:19.443root 11241100x8000000000000000662555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c57c6c7ba163ef2021-12-21 12:24:19.443root 11241100x8000000000000000662556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91718cd34491bc842021-12-21 12:24:19.443root 11241100x8000000000000000662557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6179eb1769b874c32021-12-21 12:24:19.443root 11241100x8000000000000000662558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ff7813f96d73892021-12-21 12:24:19.443root 11241100x8000000000000000662559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a361d79dab3d8b2021-12-21 12:24:19.443root 11241100x8000000000000000662560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20b025e2db8e5fe2021-12-21 12:24:19.443root 11241100x8000000000000000662561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ca7054137addb02021-12-21 12:24:19.444root 11241100x8000000000000000662562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad089ff9559fe5282021-12-21 12:24:19.444root 11241100x8000000000000000662563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b680410daabf8962021-12-21 12:24:19.943root 11241100x8000000000000000662564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf3c8f2fdc060092021-12-21 12:24:19.943root 11241100x8000000000000000662565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903da8ff3f7d5ffd2021-12-21 12:24:19.943root 11241100x8000000000000000662566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d138fc7fe4d8c462021-12-21 12:24:19.943root 11241100x8000000000000000662567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a073a3b6c94e942021-12-21 12:24:19.943root 11241100x8000000000000000662568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9bce0fba2f5b362021-12-21 12:24:19.943root 11241100x8000000000000000662569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65798826d4c319472021-12-21 12:24:19.943root 11241100x8000000000000000662570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465954e54dd5d20f2021-12-21 12:24:19.943root 11241100x8000000000000000662571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feffcd0ceccaff212021-12-21 12:24:19.944root 11241100x8000000000000000662572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4ff65cd86f13452021-12-21 12:24:20.443root 11241100x8000000000000000662573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e713b98cc88fcb4c2021-12-21 12:24:20.443root 11241100x8000000000000000662574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21be5168358608952021-12-21 12:24:20.443root 11241100x8000000000000000662575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d379416f5a027d2021-12-21 12:24:20.443root 11241100x8000000000000000662576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff30b2790b4f6802021-12-21 12:24:20.443root 11241100x8000000000000000662577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d25730de57d04a72021-12-21 12:24:20.443root 11241100x8000000000000000662578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b29438187b596a2021-12-21 12:24:20.443root 11241100x8000000000000000662579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e1a5ce26791b4a2021-12-21 12:24:20.443root 11241100x8000000000000000662580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7f1b250acb1eec2021-12-21 12:24:20.443root 11241100x8000000000000000662581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d0aae4c9fe191a2021-12-21 12:24:20.943root 11241100x8000000000000000662582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5ce4fa54266e4b2021-12-21 12:24:20.943root 11241100x8000000000000000662583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c48f23432af9a32021-12-21 12:24:20.943root 11241100x8000000000000000662584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73335dd71af2da32021-12-21 12:24:20.943root 11241100x8000000000000000662585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848db38b7f87644d2021-12-21 12:24:20.943root 11241100x8000000000000000662586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a4050c69eae7482021-12-21 12:24:20.943root 11241100x8000000000000000662587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e2cbca0fc7ae1f2021-12-21 12:24:20.943root 11241100x8000000000000000662588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270ae5efd0d2f6cf2021-12-21 12:24:20.943root 11241100x8000000000000000662589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94b95117d91e85a2021-12-21 12:24:20.943root 354300x8000000000000000662590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.102{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49938-false10.0.1.12-8000- 11241100x8000000000000000662591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f81a4938fb36952021-12-21 12:24:21.443root 11241100x8000000000000000662592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0b5f4d4292b9182021-12-21 12:24:21.443root 11241100x8000000000000000662593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76675a75bd24d072021-12-21 12:24:21.443root 11241100x8000000000000000662594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c273edc13dd95f2021-12-21 12:24:21.443root 11241100x8000000000000000662595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2452c2c8bd25a782021-12-21 12:24:21.443root 11241100x8000000000000000662596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395b0e67f0946c332021-12-21 12:24:21.443root 11241100x8000000000000000662597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797c1ec4636527cb2021-12-21 12:24:21.443root 11241100x8000000000000000662598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571b1cc59e992b182021-12-21 12:24:21.443root 11241100x8000000000000000662599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d272a055ee30de2021-12-21 12:24:21.444root 11241100x8000000000000000662600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e776510f18b272232021-12-21 12:24:21.444root 11241100x8000000000000000662601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ef1f111495d0f32021-12-21 12:24:21.943root 11241100x8000000000000000662602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf928b1c67c83ea02021-12-21 12:24:21.943root 11241100x8000000000000000662603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a748dca7b362f72021-12-21 12:24:21.943root 11241100x8000000000000000662604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ce02f46e4b645b2021-12-21 12:24:21.943root 11241100x8000000000000000662605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb70839479958582021-12-21 12:24:21.943root 11241100x8000000000000000662606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192f0db0a72fa14e2021-12-21 12:24:21.943root 11241100x8000000000000000662607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0481e4bf671c26aa2021-12-21 12:24:21.943root 11241100x8000000000000000662608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7516615fa39b4b852021-12-21 12:24:21.944root 11241100x8000000000000000662609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82e42e4f10fa3252021-12-21 12:24:21.944root 11241100x8000000000000000662610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee0a17de20be6182021-12-21 12:24:21.944root 11241100x8000000000000000662611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e56f9ba3066e8d2021-12-21 12:24:22.445root 11241100x8000000000000000662612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9515494f5a0e51d62021-12-21 12:24:22.445root 11241100x8000000000000000662613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba176213b3bc1a592021-12-21 12:24:22.445root 11241100x8000000000000000662614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fa7fb0a3eeed642021-12-21 12:24:22.445root 11241100x8000000000000000662615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4d3c6c601d0ae22021-12-21 12:24:22.445root 11241100x8000000000000000662616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fbc1461a6b43752021-12-21 12:24:22.446root 11241100x8000000000000000662617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea3eeb9e2d2b8b52021-12-21 12:24:22.446root 11241100x8000000000000000662618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746fab9bf6236a662021-12-21 12:24:22.446root 11241100x8000000000000000662619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2506ffdd082b96dc2021-12-21 12:24:22.446root 11241100x8000000000000000662620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5c09c6c5aef0a82021-12-21 12:24:22.446root 11241100x8000000000000000662621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b1d369768fe98e2021-12-21 12:24:22.943root 11241100x8000000000000000662622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e1f728253baef92021-12-21 12:24:22.943root 11241100x8000000000000000662623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb9347a399641762021-12-21 12:24:22.943root 11241100x8000000000000000662624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c0afaa9acaf9f22021-12-21 12:24:22.943root 11241100x8000000000000000662625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406f512854787da42021-12-21 12:24:22.943root 11241100x8000000000000000662626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b169fd5f4d0c2cb92021-12-21 12:24:22.943root 11241100x8000000000000000662627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588b20b63cb775982021-12-21 12:24:22.943root 11241100x8000000000000000662628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc33ca5ed04eeb642021-12-21 12:24:22.943root 11241100x8000000000000000662629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20dcdbcb0c557f232021-12-21 12:24:22.943root 11241100x8000000000000000662630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db0f398af8dcfe72021-12-21 12:24:22.944root 11241100x8000000000000000662631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaaf2943c7961a602021-12-21 12:24:23.443root 11241100x8000000000000000662632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42453073068efb32021-12-21 12:24:23.443root 11241100x8000000000000000662633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bfecd340363c7a2021-12-21 12:24:23.443root 11241100x8000000000000000662634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ecba6bdd8f3b932021-12-21 12:24:23.443root 11241100x8000000000000000662635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8df6df3c2722ec2021-12-21 12:24:23.443root 11241100x8000000000000000662636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b60a390ab1ad192021-12-21 12:24:23.443root 11241100x8000000000000000662637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c121c5cee8d145172021-12-21 12:24:23.443root 11241100x8000000000000000662638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5411efd1c65fb8c32021-12-21 12:24:23.443root 11241100x8000000000000000662639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc35b997d1bc01c2021-12-21 12:24:23.443root 11241100x8000000000000000662640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1166599270d20ce2021-12-21 12:24:23.443root 11241100x8000000000000000662641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b152b964aeb456e2021-12-21 12:24:23.943root 11241100x8000000000000000662642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106b5336a310a8c82021-12-21 12:24:23.943root 11241100x8000000000000000662643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c229978f1298d02021-12-21 12:24:23.943root 11241100x8000000000000000662644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338476fcc3aeefb42021-12-21 12:24:23.943root 11241100x8000000000000000662645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ea3ddf631e75f22021-12-21 12:24:23.943root 11241100x8000000000000000662646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6134378ec0399e1b2021-12-21 12:24:23.943root 11241100x8000000000000000662647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b90bd79256fbc32021-12-21 12:24:23.943root 11241100x8000000000000000662648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2499c94304a79322021-12-21 12:24:23.943root 11241100x8000000000000000662649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3462958be6c18c22021-12-21 12:24:23.943root 11241100x8000000000000000662650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3ff7a7b5f210fe2021-12-21 12:24:23.943root 11241100x8000000000000000662651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6af9ee065aab13a2021-12-21 12:24:24.443root 11241100x8000000000000000662652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208d574af65cb5b52021-12-21 12:24:24.443root 11241100x8000000000000000662653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631bd2b4b0077a7e2021-12-21 12:24:24.443root 11241100x8000000000000000662654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5deaaecfe2b1c0ab2021-12-21 12:24:24.443root 11241100x8000000000000000662655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40463e558b90fb102021-12-21 12:24:24.443root 11241100x8000000000000000662656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe2a1f60b9687a82021-12-21 12:24:24.443root 11241100x8000000000000000662657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558f00f3501c2e0b2021-12-21 12:24:24.443root 11241100x8000000000000000662658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c816fd15ecfc722021-12-21 12:24:24.443root 11241100x8000000000000000662659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e16b05530434b982021-12-21 12:24:24.443root 11241100x8000000000000000662660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7984915e4239bf2021-12-21 12:24:24.444root 11241100x8000000000000000662661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2add5bc8e73d44e2021-12-21 12:24:24.943root 11241100x8000000000000000662662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd9d74d7018f7762021-12-21 12:24:24.943root 11241100x8000000000000000662663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552504ffe5d713f62021-12-21 12:24:24.943root 11241100x8000000000000000662664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84070c4f7f2a8ef2021-12-21 12:24:24.943root 11241100x8000000000000000662665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eac2927911211592021-12-21 12:24:24.943root 11241100x8000000000000000662666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44a72cbdbeba2dd2021-12-21 12:24:24.943root 11241100x8000000000000000662667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d1d587e6afe5582021-12-21 12:24:24.943root 11241100x8000000000000000662668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ca75ed13e422c52021-12-21 12:24:24.943root 11241100x8000000000000000662669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67f0addc4b491732021-12-21 12:24:24.943root 11241100x8000000000000000662670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2895bbb676105592021-12-21 12:24:24.943root 11241100x8000000000000000662671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d0b12eb3674b552021-12-21 12:24:25.443root 11241100x8000000000000000662672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6061e376f262452021-12-21 12:24:25.443root 11241100x8000000000000000662673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd98f78c467fc84b2021-12-21 12:24:25.443root 11241100x8000000000000000662674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157d8373d62b2b782021-12-21 12:24:25.443root 11241100x8000000000000000662675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829758e1501307a72021-12-21 12:24:25.443root 11241100x8000000000000000662676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53e38a07a5c62c72021-12-21 12:24:25.443root 11241100x8000000000000000662677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3517b070bf4cfff32021-12-21 12:24:25.443root 11241100x8000000000000000662678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ebdf8889024acd2021-12-21 12:24:25.443root 11241100x8000000000000000662679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11f0d6371588a742021-12-21 12:24:25.444root 11241100x8000000000000000662680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447799d68189f0362021-12-21 12:24:25.444root 354300x8000000000000000662681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.817{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-37004-false10.0.1.12-8089- 11241100x8000000000000000662682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.818{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12edbc37baa822202021-12-21 12:24:25.818root 11241100x8000000000000000662683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.818{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6730ba9b53b79ade2021-12-21 12:24:25.818root 11241100x8000000000000000662684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.818{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472d29b89ad085de2021-12-21 12:24:25.818root 11241100x8000000000000000662685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.818{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1526d7c2356fdb2021-12-21 12:24:25.818root 11241100x8000000000000000662686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.818{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d683ca2da5cffb2021-12-21 12:24:25.818root 11241100x8000000000000000662687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868aeb407a3bb3fa2021-12-21 12:24:25.819root 11241100x8000000000000000662688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a46a3a4d160b3d02021-12-21 12:24:25.819root 11241100x8000000000000000662689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25de9f7030d853802021-12-21 12:24:25.819root 11241100x8000000000000000662690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33370ac38212af8c2021-12-21 12:24:25.819root 11241100x8000000000000000662691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.819{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771e8b99afeac3b42021-12-21 12:24:25.819root 11241100x8000000000000000662692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:25.820{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cc72e50dabec072021-12-21 12:24:25.820root 11241100x8000000000000000662693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821efc66d325950c2021-12-21 12:24:26.193root 11241100x8000000000000000662694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e284e21ba2e46e32021-12-21 12:24:26.193root 11241100x8000000000000000662695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfecd94f8d9815a62021-12-21 12:24:26.193root 11241100x8000000000000000662696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e5a31a8d8ece1c2021-12-21 12:24:26.193root 11241100x8000000000000000662697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10342b573eebbcd2021-12-21 12:24:26.193root 11241100x8000000000000000662698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338a62a0c2b381842021-12-21 12:24:26.193root 11241100x8000000000000000662699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b90f413926cfe872021-12-21 12:24:26.193root 11241100x8000000000000000662700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d743bc8ecb0eda742021-12-21 12:24:26.193root 11241100x8000000000000000662701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2d833866984d692021-12-21 12:24:26.193root 11241100x8000000000000000662702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5868e483536fd4c2021-12-21 12:24:26.193root 11241100x8000000000000000662703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b12263f1e12db82021-12-21 12:24:26.194root 354300x8000000000000000662704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.245{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-49942-false10.0.1.12-8000- 11241100x8000000000000000662705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac061cad28ec6fd72021-12-21 12:24:26.693root 11241100x8000000000000000662706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c030d306187a112021-12-21 12:24:26.693root 11241100x8000000000000000662707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa84d13624b8910b2021-12-21 12:24:26.693root 11241100x8000000000000000662708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12ac310404aa5612021-12-21 12:24:26.693root 11241100x8000000000000000662709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c0668586b16d0a2021-12-21 12:24:26.693root 11241100x8000000000000000662710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd098f49eda69952021-12-21 12:24:26.693root 11241100x8000000000000000662711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c064ba55655786642021-12-21 12:24:26.693root 11241100x8000000000000000662712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57b2aee2dd4a5be2021-12-21 12:24:26.693root 11241100x8000000000000000662713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9d89afff25af002021-12-21 12:24:26.693root 11241100x8000000000000000662714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12e9cf726cf8d122021-12-21 12:24:26.694root 11241100x8000000000000000662715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1161190ba8cb9e2021-12-21 12:24:26.694root 11241100x8000000000000000662716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cb0a9d523433eb2021-12-21 12:24:26.694root 11241100x8000000000000000662717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754c78942df1ba862021-12-21 12:24:27.193root 11241100x8000000000000000662718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774c47356e7d33822021-12-21 12:24:27.193root 11241100x8000000000000000662719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f445aa3231648d72021-12-21 12:24:27.193root 11241100x8000000000000000662720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457e680b427804ea2021-12-21 12:24:27.193root 11241100x8000000000000000662721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7d502a4a211cb52021-12-21 12:24:27.193root 11241100x8000000000000000662722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9ef29e8f1f01342021-12-21 12:24:27.193root 11241100x8000000000000000662723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aca8f3d5b1abce22021-12-21 12:24:27.193root 11241100x8000000000000000662724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa6f3cf019ece442021-12-21 12:24:27.193root 11241100x8000000000000000662725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef131dfd5f19d712021-12-21 12:24:27.193root 11241100x8000000000000000662726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ee119852c8a98c2021-12-21 12:24:27.193root 11241100x8000000000000000662727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f113256b47b48c772021-12-21 12:24:27.194root 11241100x8000000000000000662728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf287e8e5063fe12021-12-21 12:24:27.194root 11241100x8000000000000000662729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e9dbd5dc109b1a2021-12-21 12:24:27.693root 11241100x8000000000000000662730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a04a215255821dc2021-12-21 12:24:27.693root 11241100x8000000000000000662731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f0484396bf01732021-12-21 12:24:27.693root 11241100x8000000000000000662732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b894d99175f5762021-12-21 12:24:27.693root 11241100x8000000000000000662733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532467a0966bbab12021-12-21 12:24:27.693root 11241100x8000000000000000662734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6b21cdd7387ff12021-12-21 12:24:27.693root 11241100x8000000000000000662735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b96e2b7eb476212021-12-21 12:24:27.693root 11241100x8000000000000000662736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fc069ac3a5cedf2021-12-21 12:24:27.693root 11241100x8000000000000000662737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d373a2680d1be302021-12-21 12:24:27.693root 11241100x8000000000000000662738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50eb89a653b340af2021-12-21 12:24:27.693root 11241100x8000000000000000662739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47aa58628fc407362021-12-21 12:24:27.694root 11241100x8000000000000000662740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af27e90ef935700a2021-12-21 12:24:27.694root 11241100x8000000000000000662741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d019f1ffd3b5c8442021-12-21 12:24:28.193root 11241100x8000000000000000662742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fc8ccdf86d43132021-12-21 12:24:28.193root 11241100x8000000000000000662743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f10686d7018de4e2021-12-21 12:24:28.193root 11241100x8000000000000000662744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cbe70b37e158142021-12-21 12:24:28.193root 11241100x8000000000000000662745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4295a709c5b9ba872021-12-21 12:24:28.193root 11241100x8000000000000000662746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69634b774244dc6a2021-12-21 12:24:28.193root 11241100x8000000000000000662747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc816a79e04bebd52021-12-21 12:24:28.193root 11241100x8000000000000000662748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a32e04558e8099c2021-12-21 12:24:28.193root 11241100x8000000000000000662749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b66f956a8610e52021-12-21 12:24:28.193root 11241100x8000000000000000662750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e407daa5d98fd3602021-12-21 12:24:28.194root 11241100x8000000000000000662751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e07323682dbf602021-12-21 12:24:28.194root 11241100x8000000000000000662752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6226996e7d43d79e2021-12-21 12:24:28.194root 11241100x8000000000000000662753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d228ca426d61812021-12-21 12:24:28.693root 11241100x8000000000000000662754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69038131e4fcbdf92021-12-21 12:24:28.693root 11241100x8000000000000000662755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab551cef2723ae82021-12-21 12:24:28.693root 11241100x8000000000000000662756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccd6c3efa2c33b82021-12-21 12:24:28.693root 11241100x8000000000000000662757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a40a5d74ed9c7142021-12-21 12:24:28.694root 11241100x8000000000000000662758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0050fd529fd32f4a2021-12-21 12:24:28.694root 11241100x8000000000000000662759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7985baafdea04e2021-12-21 12:24:28.694root 11241100x8000000000000000662760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cfdffb47632f0f2021-12-21 12:24:28.694root 11241100x8000000000000000662761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f5d5e18b355b322021-12-21 12:24:28.694root 11241100x8000000000000000662762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e96fd9f4a0adb22021-12-21 12:24:28.694root 11241100x8000000000000000662763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb3461ad084e25d2021-12-21 12:24:28.694root 11241100x8000000000000000662764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 12:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6909916efb90dd2021-12-21 12:24:28.694root