11241100x8000000000000000333354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f16f9495c1297c02021-12-21 10:21:51.443root 11241100x8000000000000000333355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3424df29f1f737732021-12-21 10:21:51.443root 11241100x8000000000000000333356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f657d6a0b1414e372021-12-21 10:21:51.443root 11241100x8000000000000000333357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8ea85770858de42021-12-21 10:21:51.443root 11241100x8000000000000000333358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4139d44e6fdecbfc2021-12-21 10:21:51.443root 11241100x8000000000000000333359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5200d8820365424c2021-12-21 10:21:51.443root 11241100x8000000000000000333360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dd6a0ac1c2425d2021-12-21 10:21:51.443root 11241100x8000000000000000333361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadc76a1cda4d9192021-12-21 10:21:51.444root 11241100x8000000000000000333362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f795ce8dadd39b2021-12-21 10:21:51.444root 11241100x8000000000000000333363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8169f5469b8544242021-12-21 10:21:51.444root 11241100x8000000000000000333364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305a6008352066072021-12-21 10:21:51.444root 11241100x8000000000000000333365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd855411563a0402021-12-21 10:21:51.444root 11241100x8000000000000000333366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583f5500e0e9d8982021-12-21 10:21:51.444root 11241100x8000000000000000333367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487ca5be4ba35aec2021-12-21 10:21:51.444root 11241100x8000000000000000333368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b51af42119e7812021-12-21 10:21:51.444root 11241100x8000000000000000333369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f351fe417b84352d2021-12-21 10:21:51.444root 11241100x8000000000000000333370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585527e65659cabf2021-12-21 10:21:51.445root 11241100x8000000000000000333371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b9d95ed7ebb8672021-12-21 10:21:51.445root 11241100x8000000000000000333372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6241c5606069482021-12-21 10:21:51.445root 11241100x8000000000000000333373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c47b25dfd006b82021-12-21 10:21:51.445root 11241100x8000000000000000333374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a3f80c7d2058c72021-12-21 10:21:51.445root 11241100x8000000000000000333375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18de439912550762021-12-21 10:21:51.445root 11241100x8000000000000000333376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ea1df9b59b6a6f2021-12-21 10:21:51.445root 11241100x8000000000000000333377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7866ed20e4c730ae2021-12-21 10:21:51.445root 11241100x8000000000000000333378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c818f5710d4e3e2021-12-21 10:21:51.446root 11241100x8000000000000000333379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18575c0b339fad182021-12-21 10:21:51.446root 11241100x8000000000000000333380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d7704aa5dc0ebf2021-12-21 10:21:51.446root 11241100x8000000000000000333381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f717dcaeda75cadc2021-12-21 10:21:51.446root 11241100x8000000000000000333382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37e870bd5771a382021-12-21 10:21:51.447root 11241100x8000000000000000333383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f03ff1842ff9e5c2021-12-21 10:21:51.447root 11241100x8000000000000000333384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0a6875ba4fce922021-12-21 10:21:51.447root 11241100x8000000000000000333385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fade492dde0070552021-12-21 10:21:51.447root 11241100x8000000000000000333386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb220fe5a3b1e132021-12-21 10:21:51.447root 11241100x8000000000000000333387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf01a265eac3cc52021-12-21 10:21:51.447root 11241100x8000000000000000333388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fb6270a7aa3e472021-12-21 10:21:51.447root 11241100x8000000000000000333389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2681c6951abbd0fe2021-12-21 10:21:51.448root 11241100x8000000000000000333390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19170866aa3db8712021-12-21 10:21:51.448root 11241100x8000000000000000333391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6af6559cccfa5e2021-12-21 10:21:51.448root 11241100x8000000000000000333392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfee595582bbfa5d2021-12-21 10:21:51.448root 11241100x8000000000000000333393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcf016d09ea98a12021-12-21 10:21:51.448root 11241100x8000000000000000333394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2327d3ccb8f2c6f62021-12-21 10:21:51.448root 11241100x8000000000000000333395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd606b9a67ddae8c2021-12-21 10:21:51.448root 11241100x8000000000000000333396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c5e2ee46343fd72021-12-21 10:21:51.448root 11241100x8000000000000000333397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2306e46e8d34fa2021-12-21 10:21:51.448root 11241100x8000000000000000333398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489a12e45a1424052021-12-21 10:21:51.448root 11241100x8000000000000000333399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94bd982cbf2114c2021-12-21 10:21:51.448root 11241100x8000000000000000333400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96c5efc4c199c152021-12-21 10:21:51.448root 11241100x8000000000000000333401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78de29495e0cc0e2021-12-21 10:21:51.943root 11241100x8000000000000000333402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf96ed7cb20456c2021-12-21 10:21:51.943root 11241100x8000000000000000333403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e46d92b05369212021-12-21 10:21:51.943root 11241100x8000000000000000333404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db08810f1baaccbe2021-12-21 10:21:51.943root 11241100x8000000000000000333405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d627c0705de76b492021-12-21 10:21:51.944root 11241100x8000000000000000333406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec531159054e62ac2021-12-21 10:21:51.944root 11241100x8000000000000000333407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efeaef699332bcb2021-12-21 10:21:51.944root 11241100x8000000000000000333408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24575d6543d7d55f2021-12-21 10:21:51.944root 11241100x8000000000000000333409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbac8b2c42257e02021-12-21 10:21:51.944root 11241100x8000000000000000333410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521d12359078e94b2021-12-21 10:21:51.944root 11241100x8000000000000000333411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009b600daa4a204b2021-12-21 10:21:51.945root 11241100x8000000000000000333412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933d6c96a1a419732021-12-21 10:21:51.945root 11241100x8000000000000000333413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c066a51499245a52021-12-21 10:21:51.945root 11241100x8000000000000000333414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4253283144e2a0f22021-12-21 10:21:51.945root 11241100x8000000000000000333415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8734f877401eb232021-12-21 10:21:51.945root 11241100x8000000000000000333416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d8967327526f1a2021-12-21 10:21:51.945root 11241100x8000000000000000333417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16acde24eec9026c2021-12-21 10:21:51.946root 11241100x8000000000000000333418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50647ca62bd05252021-12-21 10:21:51.946root 11241100x8000000000000000333419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603e42a93759074b2021-12-21 10:21:51.946root 11241100x8000000000000000333420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13550e92ac91e4512021-12-21 10:21:51.946root 11241100x8000000000000000333421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078ef07177925db22021-12-21 10:21:51.946root 11241100x8000000000000000333422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47245d94cd85b642021-12-21 10:21:51.946root 11241100x8000000000000000333423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f554278d2df1b5f12021-12-21 10:21:51.946root 11241100x8000000000000000333424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64c8ba5627443e52021-12-21 10:21:51.946root 11241100x8000000000000000333425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc14f66213a23fb2021-12-21 10:21:51.947root 11241100x8000000000000000333426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42302acd64ae76752021-12-21 10:21:51.947root 11241100x8000000000000000333427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338f1f8e017f53552021-12-21 10:21:51.947root 11241100x8000000000000000333428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455767abb3cad9992021-12-21 10:21:51.947root 11241100x8000000000000000333429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2f77dfa022bf5f2021-12-21 10:21:51.947root 11241100x8000000000000000333430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9f24913ae534112021-12-21 10:21:51.947root 11241100x8000000000000000333431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0180c9364c839c82021-12-21 10:21:51.947root 11241100x8000000000000000333432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e99e86e60d6ddd2021-12-21 10:21:51.947root 11241100x8000000000000000333433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110d5d7f7cb5e2ba2021-12-21 10:21:51.948root 11241100x8000000000000000333434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf28bb50c63a3c82021-12-21 10:21:51.948root 11241100x8000000000000000333435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7f1197badfeb322021-12-21 10:21:51.948root 11241100x8000000000000000333436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a305169d0e843af2021-12-21 10:21:51.948root 11241100x8000000000000000333437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138d678fb60d58a32021-12-21 10:21:51.948root 11241100x8000000000000000333438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fa10fcc034e4422021-12-21 10:21:51.948root 11241100x8000000000000000333439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068a648b129a897c2021-12-21 10:21:51.948root 11241100x8000000000000000333440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bafb9f9deff143c2021-12-21 10:21:52.443root 11241100x8000000000000000333441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c9949a84d8794a2021-12-21 10:21:52.443root 11241100x8000000000000000333442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0bfb7841c37de72021-12-21 10:21:52.443root 11241100x8000000000000000333443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63e301e4baaec022021-12-21 10:21:52.444root 11241100x8000000000000000333444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2977ce84a99852542021-12-21 10:21:52.444root 11241100x8000000000000000333445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0f8594143eb0452021-12-21 10:21:52.444root 11241100x8000000000000000333446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879485a718c9ca6e2021-12-21 10:21:52.444root 11241100x8000000000000000333447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8749deb16d19b3bc2021-12-21 10:21:52.444root 11241100x8000000000000000333448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80294cb0fea942c92021-12-21 10:21:52.444root 11241100x8000000000000000333449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d753023d8e0e981a2021-12-21 10:21:52.445root 11241100x8000000000000000333450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca5a756a5d74a9a2021-12-21 10:21:52.445root 11241100x8000000000000000333451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a104771cb4c7ff2021-12-21 10:21:52.445root 11241100x8000000000000000333452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47804de8b7b93b312021-12-21 10:21:52.445root 11241100x8000000000000000333453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920bc030844a3c182021-12-21 10:21:52.445root 11241100x8000000000000000333454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75147de57e4836cd2021-12-21 10:21:52.445root 11241100x8000000000000000333455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8482cc068ad2c6db2021-12-21 10:21:52.445root 11241100x8000000000000000333456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fd316a8a0339e92021-12-21 10:21:52.445root 11241100x8000000000000000333457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf546a9d4c9d3772021-12-21 10:21:52.446root 11241100x8000000000000000333458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e771be534ff3d2b2021-12-21 10:21:52.446root 11241100x8000000000000000333459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e65380a3028b9a2021-12-21 10:21:52.446root 11241100x8000000000000000333460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b833155e7fdb4d2021-12-21 10:21:52.446root 11241100x8000000000000000333461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b71d1dac0f006c2021-12-21 10:21:52.446root 11241100x8000000000000000333462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05d566b6513b2702021-12-21 10:21:52.447root 11241100x8000000000000000333463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e0fce63055a3dc2021-12-21 10:21:52.447root 11241100x8000000000000000333464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e226effe708bb59b2021-12-21 10:21:52.447root 11241100x8000000000000000333465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aa15efd06724a22021-12-21 10:21:52.447root 11241100x8000000000000000333466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cee1dccbc728e52021-12-21 10:21:52.448root 11241100x8000000000000000333467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cb3e5ab62c4c222021-12-21 10:21:52.448root 11241100x8000000000000000333468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9fdbde138f63712021-12-21 10:21:52.448root 11241100x8000000000000000333469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697989e03787fb632021-12-21 10:21:52.448root 11241100x8000000000000000333470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50260f8191ed91cc2021-12-21 10:21:52.448root 11241100x8000000000000000333471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c6c6e56d4a553e2021-12-21 10:21:52.448root 11241100x8000000000000000333472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e68bc44348553f92021-12-21 10:21:52.448root 11241100x8000000000000000333473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03491449a730a6f72021-12-21 10:21:52.448root 11241100x8000000000000000333474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0964b1f02f32e862021-12-21 10:21:52.448root 11241100x8000000000000000333475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59b6429b0cc9a6e2021-12-21 10:21:52.449root 11241100x8000000000000000333476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e648b8ebe75e092021-12-21 10:21:52.449root 11241100x8000000000000000333477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716940ab8210e6eb2021-12-21 10:21:52.943root 11241100x8000000000000000333478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15e4490cc49d0f12021-12-21 10:21:52.943root 11241100x8000000000000000333479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8699fec4c4ddd42021-12-21 10:21:52.943root 11241100x8000000000000000333480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57535cde678801c62021-12-21 10:21:52.943root 11241100x8000000000000000333481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5610274ab30ec3832021-12-21 10:21:52.944root 11241100x8000000000000000333482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d80cc82bb50a882021-12-21 10:21:52.944root 11241100x8000000000000000333483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96aaadc1b2b15652021-12-21 10:21:52.944root 11241100x8000000000000000333484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ec67b43f2a12cf2021-12-21 10:21:52.944root 11241100x8000000000000000333485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab6f478e51274f22021-12-21 10:21:52.944root 11241100x8000000000000000333486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b6d0d350ec98402021-12-21 10:21:52.944root 11241100x8000000000000000333487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af54cc2c2257c752021-12-21 10:21:52.944root 11241100x8000000000000000333488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71dad801dcc5e1d22021-12-21 10:21:52.944root 11241100x8000000000000000333489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e198db043e2646f92021-12-21 10:21:52.944root 11241100x8000000000000000333490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513c1f31c9c1fda52021-12-21 10:21:52.944root 11241100x8000000000000000333491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadfca8bb69eda342021-12-21 10:21:52.945root 11241100x8000000000000000333492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad45f05b4e80675c2021-12-21 10:21:52.945root 11241100x8000000000000000333493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc808192c21a50ca2021-12-21 10:21:52.945root 11241100x8000000000000000333494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23eb3d2f06709662021-12-21 10:21:52.945root 11241100x8000000000000000333495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b557ae38cc5ab23e2021-12-21 10:21:52.945root 11241100x8000000000000000333496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36600182fe362da2021-12-21 10:21:52.945root 11241100x8000000000000000333497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3127847cd340c4432021-12-21 10:21:52.945root 11241100x8000000000000000333498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597a8d8a9c37124a2021-12-21 10:21:52.945root 11241100x8000000000000000333499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2472ae580b90eb2021-12-21 10:21:52.946root 11241100x8000000000000000333500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bc778219e675ef2021-12-21 10:21:52.946root 11241100x8000000000000000333501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e6f03c77968ae52021-12-21 10:21:52.946root 11241100x8000000000000000333502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbd4fbb69292c662021-12-21 10:21:52.946root 11241100x8000000000000000333503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5594b2b39ff1b9a82021-12-21 10:21:52.946root 11241100x8000000000000000333504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a72ae0d623fa5ac2021-12-21 10:21:52.946root 11241100x8000000000000000333505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e2c821a377c5c72021-12-21 10:21:52.946root 11241100x8000000000000000333506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef740dd71c488d6d2021-12-21 10:21:52.947root 11241100x8000000000000000333507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30361ed80544f5aa2021-12-21 10:21:52.947root 11241100x8000000000000000333508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cea0015469854a72021-12-21 10:21:52.947root 11241100x8000000000000000333509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c97a1c1f623f8042021-12-21 10:21:52.947root 11241100x8000000000000000333510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf82086d79694392021-12-21 10:21:52.947root 11241100x8000000000000000333511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8473289841de6b862021-12-21 10:21:52.947root 11241100x8000000000000000333512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e64bab3c00a55622021-12-21 10:21:53.443root 11241100x8000000000000000333513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f5006b83fec6922021-12-21 10:21:53.443root 11241100x8000000000000000333514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acab200f1fff80452021-12-21 10:21:53.443root 11241100x8000000000000000333515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2082a7f2976a732021-12-21 10:21:53.444root 11241100x8000000000000000333516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71bb9cac4e0034a2021-12-21 10:21:53.444root 11241100x8000000000000000333517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0683e55df2b6c2442021-12-21 10:21:53.444root 11241100x8000000000000000333518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f538b5a4449f612021-12-21 10:21:53.444root 11241100x8000000000000000333519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f9dcb2fa39ded32021-12-21 10:21:53.444root 11241100x8000000000000000333520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabc4149fe174bc72021-12-21 10:21:53.444root 11241100x8000000000000000333521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05786e9e1f7095772021-12-21 10:21:53.444root 11241100x8000000000000000333522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f45978c403abf332021-12-21 10:21:53.444root 11241100x8000000000000000333523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea06d7de0c2e7892021-12-21 10:21:53.444root 11241100x8000000000000000333524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9363806fac83f892021-12-21 10:21:53.445root 11241100x8000000000000000333525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b19145f538faa92021-12-21 10:21:53.445root 11241100x8000000000000000333526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da249bbb962112062021-12-21 10:21:53.445root 11241100x8000000000000000333527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43cebcedbef46752021-12-21 10:21:53.445root 11241100x8000000000000000333528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0e27399a6d50652021-12-21 10:21:53.445root 11241100x8000000000000000333529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f39c5e3b7e3beb2021-12-21 10:21:53.445root 11241100x8000000000000000333530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6123f16357b95322021-12-21 10:21:53.445root 11241100x8000000000000000333531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e520b14e5d5d1f032021-12-21 10:21:53.445root 11241100x8000000000000000333532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f50880c43822b62021-12-21 10:21:53.445root 11241100x8000000000000000333533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ccd6a8b28307e62021-12-21 10:21:53.445root 11241100x8000000000000000333534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca9ca1371fb9ee72021-12-21 10:21:53.445root 11241100x8000000000000000333535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cb353eab550e232021-12-21 10:21:53.446root 11241100x8000000000000000333536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f311dab74fc16912021-12-21 10:21:53.446root 11241100x8000000000000000333537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22d4792a56fe7922021-12-21 10:21:53.446root 11241100x8000000000000000333538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a814462d17f91fff2021-12-21 10:21:53.446root 11241100x8000000000000000333539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0362889e79b00a2021-12-21 10:21:53.446root 11241100x8000000000000000333540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493eabe0764db1f32021-12-21 10:21:53.446root 11241100x8000000000000000333541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9834a106a1a82eb2021-12-21 10:21:53.446root 11241100x8000000000000000333542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25921c5098e51142021-12-21 10:21:53.446root 11241100x8000000000000000333543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc021a2d2f87f172021-12-21 10:21:53.446root 11241100x8000000000000000333544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65ac8e65785a2b22021-12-21 10:21:53.446root 11241100x8000000000000000333545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c6e562e54226af2021-12-21 10:21:53.447root 11241100x8000000000000000333546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce3b8775ce6dc352021-12-21 10:21:53.447root 11241100x8000000000000000333547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64732b543bfa41c42021-12-21 10:21:53.447root 11241100x8000000000000000333548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb5e2bbe2ef454d2021-12-21 10:21:53.943root 11241100x8000000000000000333549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7d72b518003d7b2021-12-21 10:21:53.943root 11241100x8000000000000000333550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837294e46c1d1c172021-12-21 10:21:53.943root 11241100x8000000000000000333551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a363c371acf29b2021-12-21 10:21:53.943root 11241100x8000000000000000333552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c8757425cac1582021-12-21 10:21:53.944root 11241100x8000000000000000333553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0a62cd95cf6b8d2021-12-21 10:21:53.944root 11241100x8000000000000000333554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7635c0150d31acd82021-12-21 10:21:53.944root 11241100x8000000000000000333555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9fe67c5d80e16e2021-12-21 10:21:53.944root 11241100x8000000000000000333556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f63cc35a0197702021-12-21 10:21:53.944root 11241100x8000000000000000333557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483dec7a7186889e2021-12-21 10:21:53.944root 11241100x8000000000000000333558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd06dc6f89eb2dbe2021-12-21 10:21:53.944root 11241100x8000000000000000333559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25e416b1d4f2d612021-12-21 10:21:53.945root 11241100x8000000000000000333560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb4008ac4d0777a2021-12-21 10:21:53.945root 11241100x8000000000000000333561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdc06aa730697322021-12-21 10:21:53.945root 11241100x8000000000000000333562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328be02d916ba6392021-12-21 10:21:53.945root 11241100x8000000000000000333563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5839f99726674e2021-12-21 10:21:53.945root 11241100x8000000000000000333564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747505ed7127250c2021-12-21 10:21:53.945root 11241100x8000000000000000333565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f40f1975b84eaa2021-12-21 10:21:53.945root 11241100x8000000000000000333566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6e8f48a9d279a12021-12-21 10:21:53.946root 11241100x8000000000000000333567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ec8169c2e7b6ff2021-12-21 10:21:53.946root 11241100x8000000000000000333568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2592f100afb9c9d22021-12-21 10:21:53.947root 11241100x8000000000000000333569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012c4ee555b538fc2021-12-21 10:21:53.947root 11241100x8000000000000000333570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013740940c908db22021-12-21 10:21:53.947root 11241100x8000000000000000333571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8fa2e17649cbfa2021-12-21 10:21:53.948root 11241100x8000000000000000333572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1750697fb5b0e3552021-12-21 10:21:53.948root 11241100x8000000000000000333573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d19e40c1c9b38e2021-12-21 10:21:53.948root 11241100x8000000000000000333574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f8beadd5a38afb2021-12-21 10:21:53.949root 11241100x8000000000000000333575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e38fe4d87bb0fe2021-12-21 10:21:53.949root 11241100x8000000000000000333576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f758d0ac6aad5092021-12-21 10:21:53.949root 11241100x8000000000000000333577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2b2e985f19339f2021-12-21 10:21:53.950root 11241100x8000000000000000333578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b42b0bc9d7f3cd02021-12-21 10:21:53.950root 11241100x8000000000000000333579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81feebbfe99eafcf2021-12-21 10:21:53.950root 11241100x8000000000000000333580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6955015878ebd642021-12-21 10:21:53.950root 11241100x8000000000000000333581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f649d77f743f006d2021-12-21 10:21:53.951root 11241100x8000000000000000333582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dacfcfcbff6b6c2021-12-21 10:21:53.951root 354300x8000000000000000333583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.207{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-46992-false10.0.1.12-8000- 11241100x8000000000000000333584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402db7941540d94a2021-12-21 10:21:54.207root 11241100x8000000000000000333585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d5d56e20d34d612021-12-21 10:21:54.207root 11241100x8000000000000000333586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d94fa0ef6b37e7a2021-12-21 10:21:54.208root 11241100x8000000000000000333587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a131b7dbdcf709f52021-12-21 10:21:54.208root 11241100x8000000000000000333588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f49f135847f7aec2021-12-21 10:21:54.208root 11241100x8000000000000000333589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb40cb88e5bd4fb2021-12-21 10:21:54.208root 11241100x8000000000000000333590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a55e838911df612021-12-21 10:21:54.208root 11241100x8000000000000000333591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb65decf0f1a21ed2021-12-21 10:21:54.208root 11241100x8000000000000000333592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46d9b06c36a94b62021-12-21 10:21:54.208root 11241100x8000000000000000333593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab0bdb5bba1a0bb2021-12-21 10:21:54.209root 11241100x8000000000000000333594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d5d244a916c6c42021-12-21 10:21:54.209root 11241100x8000000000000000333595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a12e0226c3afdd2021-12-21 10:21:54.209root 11241100x8000000000000000333596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c521a05cb11c1c62021-12-21 10:21:54.209root 11241100x8000000000000000333597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de08c9810ffcc362021-12-21 10:21:54.209root 11241100x8000000000000000333598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a543c129ffb6cac52021-12-21 10:21:54.209root 11241100x8000000000000000333599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256069eccf64e03f2021-12-21 10:21:54.209root 11241100x8000000000000000333600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc8356a556fcb2d2021-12-21 10:21:54.210root 11241100x8000000000000000333601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a247add8ea3902d32021-12-21 10:21:54.210root 11241100x8000000000000000333602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a5dc697c6bf26c2021-12-21 10:21:54.210root 11241100x8000000000000000333603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401b22ff13f975b92021-12-21 10:21:54.210root 11241100x8000000000000000333604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5858ad2f995de52021-12-21 10:21:54.210root 11241100x8000000000000000333605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55322c2bc71beb722021-12-21 10:21:54.210root 11241100x8000000000000000333606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d6a6233a43d0e22021-12-21 10:21:54.210root 11241100x8000000000000000333607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10922bff25f227962021-12-21 10:21:54.211root 11241100x8000000000000000333608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c0b288ccc1dac52021-12-21 10:21:54.211root 11241100x8000000000000000333609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266490bb7a2ec6f32021-12-21 10:21:54.211root 11241100x8000000000000000333610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9e130098d61fc82021-12-21 10:21:54.211root 11241100x8000000000000000333611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6182b49510ede3262021-12-21 10:21:54.211root 11241100x8000000000000000333612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777ea826fab18d7c2021-12-21 10:21:54.211root 11241100x8000000000000000333613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb2973790e21d742021-12-21 10:21:54.211root 11241100x8000000000000000333614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87209df6d1702f862021-12-21 10:21:54.212root 11241100x8000000000000000333615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f171612783c64b862021-12-21 10:21:54.212root 11241100x8000000000000000333616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff819fda826baa4b2021-12-21 10:21:54.212root 11241100x8000000000000000333617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef329f8ca9a188f2021-12-21 10:21:54.212root 11241100x8000000000000000333618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c8c4edd6142e162021-12-21 10:21:54.212root 11241100x8000000000000000333619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f8359db8d0b0be2021-12-21 10:21:54.212root 11241100x8000000000000000333620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07086a1f84b83152021-12-21 10:21:54.213root 11241100x8000000000000000333621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99c6d88bba341842021-12-21 10:21:54.213root 11241100x8000000000000000333622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab47631e076de2782021-12-21 10:21:54.213root 11241100x8000000000000000333623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0522957432610982021-12-21 10:21:54.213root 11241100x8000000000000000333624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e92e4b9589bbbf12021-12-21 10:21:54.693root 11241100x8000000000000000333625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83f136e402337f92021-12-21 10:21:54.693root 11241100x8000000000000000333626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69dff0b75995960b2021-12-21 10:21:54.693root 11241100x8000000000000000333627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b8dd629e025dee2021-12-21 10:21:54.693root 11241100x8000000000000000333628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea5486afe9322b22021-12-21 10:21:54.694root 11241100x8000000000000000333629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cf79cf14d5b69c2021-12-21 10:21:54.694root 11241100x8000000000000000333630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0139e158db5446e22021-12-21 10:21:54.694root 11241100x8000000000000000333631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9317c2bd2e303c3f2021-12-21 10:21:54.694root 11241100x8000000000000000333632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145339aa6afcffc32021-12-21 10:21:54.694root 11241100x8000000000000000333633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d15668f3e3b61e42021-12-21 10:21:54.695root 11241100x8000000000000000333634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331472649e2ff2192021-12-21 10:21:54.695root 11241100x8000000000000000333635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd1e59ccf9453502021-12-21 10:21:54.695root 11241100x8000000000000000333636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148c599e9b89087f2021-12-21 10:21:54.695root 11241100x8000000000000000333637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f7d5a332a629cc2021-12-21 10:21:54.695root 11241100x8000000000000000333638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a4b3b61a54e2112021-12-21 10:21:54.695root 11241100x8000000000000000333639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbbf13ef1a932d62021-12-21 10:21:54.695root 11241100x8000000000000000333640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975f1beb30c8e8be2021-12-21 10:21:54.696root 11241100x8000000000000000333641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f475c927b6ef73ce2021-12-21 10:21:54.696root 11241100x8000000000000000333642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feca3c8ca70b949d2021-12-21 10:21:54.696root 11241100x8000000000000000333643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002fc163bb7dae682021-12-21 10:21:54.696root 11241100x8000000000000000333644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b3f144c912d7342021-12-21 10:21:54.696root 11241100x8000000000000000333645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b665ac8e0dc90b22021-12-21 10:21:54.696root 11241100x8000000000000000333646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0d454c2e4b80712021-12-21 10:21:54.697root 11241100x8000000000000000333647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c50e7bce5d07ad2021-12-21 10:21:54.697root 11241100x8000000000000000333648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08006ebbcf0d16d62021-12-21 10:21:54.697root 11241100x8000000000000000333649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1060172f24b408562021-12-21 10:21:54.697root 11241100x8000000000000000333650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b52e9937336d8772021-12-21 10:21:54.697root 11241100x8000000000000000333651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6dcf55cc1635d22021-12-21 10:21:54.697root 11241100x8000000000000000333652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c270c7e2fa8a962021-12-21 10:21:54.697root 11241100x8000000000000000333653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c2e7a1203d80692021-12-21 10:21:54.698root 11241100x8000000000000000333654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46db3da294fb87b2021-12-21 10:21:54.698root 11241100x8000000000000000333655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c59431359e784072021-12-21 10:21:54.698root 11241100x8000000000000000333656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044177c86f74f81a2021-12-21 10:21:54.698root 11241100x8000000000000000333657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56317f148e44fc22021-12-21 10:21:54.698root 11241100x8000000000000000333658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57907105eb4dfc7f2021-12-21 10:21:54.698root 11241100x8000000000000000333659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be22d273b2edd4102021-12-21 10:21:54.698root 11241100x8000000000000000333660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034e97de5c6449692021-12-21 10:21:54.698root 11241100x8000000000000000333661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5440cbc32444db542021-12-21 10:21:54.698root 11241100x8000000000000000333662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e67336f383e6fde2021-12-21 10:21:54.698root 11241100x8000000000000000333663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38054290389055e62021-12-21 10:21:54.698root 11241100x8000000000000000333664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fac35189d50bf292021-12-21 10:21:55.193root 11241100x8000000000000000333665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10e8e1b81de7a492021-12-21 10:21:55.194root 11241100x8000000000000000333666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5248850671699252021-12-21 10:21:55.194root 11241100x8000000000000000333667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9120a9ee8233d42021-12-21 10:21:55.194root 11241100x8000000000000000333668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3699e878e9f983442021-12-21 10:21:55.194root 11241100x8000000000000000333669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4e3a5605d093612021-12-21 10:21:55.194root 11241100x8000000000000000333670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde34ade2ea777152021-12-21 10:21:55.194root 11241100x8000000000000000333671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf2c21196de06012021-12-21 10:21:55.195root 11241100x8000000000000000333672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672a1f7d281e6d1f2021-12-21 10:21:55.195root 11241100x8000000000000000333673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3ea6a1d8918ee02021-12-21 10:21:55.195root 11241100x8000000000000000333674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9e14596ad596ae2021-12-21 10:21:55.195root 11241100x8000000000000000333675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3668d0a160c259232021-12-21 10:21:55.195root 11241100x8000000000000000333676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238a8cb5f1ff80492021-12-21 10:21:55.195root 11241100x8000000000000000333677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac0439131489b382021-12-21 10:21:55.195root 11241100x8000000000000000333678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd8993bb191f8ef2021-12-21 10:21:55.195root 11241100x8000000000000000333679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6834d18a3d538a732021-12-21 10:21:55.196root 11241100x8000000000000000333680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079c94d40c3f99c22021-12-21 10:21:55.196root 11241100x8000000000000000333681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c962172796eeb1b2021-12-21 10:21:55.196root 11241100x8000000000000000333682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f460fc73a36a7f2e2021-12-21 10:21:55.196root 11241100x8000000000000000333683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e89502e7992e492021-12-21 10:21:55.196root 11241100x8000000000000000333684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429c5be9180486352021-12-21 10:21:55.196root 11241100x8000000000000000333685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84600954e5b2b1742021-12-21 10:21:55.196root 11241100x8000000000000000333686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2ac7aa1e65cd6c2021-12-21 10:21:55.196root 11241100x8000000000000000333687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1eb6a6e537339cc2021-12-21 10:21:55.197root 11241100x8000000000000000333688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8c5442ce5835982021-12-21 10:21:55.197root 11241100x8000000000000000333689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c109ab9a3f78a6742021-12-21 10:21:55.197root 11241100x8000000000000000333690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49aa2398ecd623842021-12-21 10:21:55.197root 11241100x8000000000000000333691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2564179dfb4103b2021-12-21 10:21:55.197root 11241100x8000000000000000333692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442eb432371b4a492021-12-21 10:21:55.197root 11241100x8000000000000000333693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e736b0ed9f5f8e2021-12-21 10:21:55.198root 11241100x8000000000000000333694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbc569822fd8fff2021-12-21 10:21:55.198root 11241100x8000000000000000333695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e894e2f4a3ed4dde2021-12-21 10:21:55.198root 11241100x8000000000000000333696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208b42357443f2782021-12-21 10:21:55.198root 11241100x8000000000000000333697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637031ea89c631dc2021-12-21 10:21:55.198root 11241100x8000000000000000333698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52569d00aaa21b402021-12-21 10:21:55.199root 11241100x8000000000000000333699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8b027de76577b32021-12-21 10:21:55.199root 11241100x8000000000000000333700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee355b74a38d0f4e2021-12-21 10:21:55.693root 11241100x8000000000000000333701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef17f119ee74be42021-12-21 10:21:55.693root 11241100x8000000000000000333702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19832b6092f4ea032021-12-21 10:21:55.693root 11241100x8000000000000000333703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327f73134bdc7cc62021-12-21 10:21:55.694root 11241100x8000000000000000333704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bdf4e9ed4e745b2021-12-21 10:21:55.694root 11241100x8000000000000000333705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259b280a2bf5bfe72021-12-21 10:21:55.695root 11241100x8000000000000000333706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dd5c1f2dbfee882021-12-21 10:21:55.695root 11241100x8000000000000000333707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa240b4c27231722021-12-21 10:21:55.695root 11241100x8000000000000000333708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edb6dea42a26e172021-12-21 10:21:55.695root 11241100x8000000000000000333709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4590eeb5f75645eb2021-12-21 10:21:55.695root 11241100x8000000000000000333710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac86bb4cdffd77e2021-12-21 10:21:55.695root 11241100x8000000000000000333711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b7785b58bd06f62021-12-21 10:21:55.696root 11241100x8000000000000000333712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62fc3185ec9b0c22021-12-21 10:21:55.696root 11241100x8000000000000000333713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2e4f0d610c03112021-12-21 10:21:55.696root 11241100x8000000000000000333714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30dad7ef8ff50c72021-12-21 10:21:55.696root 11241100x8000000000000000333715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da78664b0f4df9d2021-12-21 10:21:55.696root 11241100x8000000000000000333716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1890dc1596ec488b2021-12-21 10:21:55.696root 11241100x8000000000000000333717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973e95ae98791b9d2021-12-21 10:21:55.696root 11241100x8000000000000000333718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c8d84bfe2dbddc2021-12-21 10:21:55.696root 11241100x8000000000000000333719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9572b571b1fba6742021-12-21 10:21:55.696root 11241100x8000000000000000333720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a866c4906030e65b2021-12-21 10:21:55.697root 11241100x8000000000000000333721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ef011dde3a6fbd2021-12-21 10:21:55.697root 11241100x8000000000000000333722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c5db44280b47322021-12-21 10:21:55.697root 11241100x8000000000000000333723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed3b23261a4a02f2021-12-21 10:21:55.697root 11241100x8000000000000000333724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c27cb0403b256f2021-12-21 10:21:55.697root 11241100x8000000000000000333725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469cae1b5347d7832021-12-21 10:21:55.697root 11241100x8000000000000000333726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0890ab3c00e3372021-12-21 10:21:55.697root 11241100x8000000000000000333727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cc49cb15bd92572021-12-21 10:21:55.697root 11241100x8000000000000000333728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9e5e9ef48975db2021-12-21 10:21:55.697root 11241100x8000000000000000333729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecc9115825e0a502021-12-21 10:21:55.698root 11241100x8000000000000000333730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3c09895bd1eefd2021-12-21 10:21:55.698root 11241100x8000000000000000333731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3783e6d3783259af2021-12-21 10:21:55.698root 11241100x8000000000000000333732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103980c237681bbe2021-12-21 10:21:55.698root 11241100x8000000000000000333733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50747d819c633722021-12-21 10:21:55.698root 11241100x8000000000000000333734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c078ca833840db72021-12-21 10:21:55.698root 11241100x8000000000000000333735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d966878f598e6432021-12-21 10:21:55.698root 11241100x8000000000000000333736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1614b0fce6a5702021-12-21 10:21:55.698root 11241100x8000000000000000333737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee42e134fe5c18e92021-12-21 10:21:55.698root 11241100x8000000000000000333738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4645c6aef7c0a072021-12-21 10:21:55.699root 11241100x8000000000000000333739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de72b55f561384b2021-12-21 10:21:56.193root 11241100x8000000000000000333740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d102b0fbdd79c26e2021-12-21 10:21:56.194root 11241100x8000000000000000333741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1f18c4898222c02021-12-21 10:21:56.194root 11241100x8000000000000000333742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4551cb6d5791be32021-12-21 10:21:56.194root 11241100x8000000000000000333743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bfe08e37131c382021-12-21 10:21:56.194root 11241100x8000000000000000333744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19744ff7666bf252021-12-21 10:21:56.195root 11241100x8000000000000000333745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e2b351a38b83e42021-12-21 10:21:56.195root 11241100x8000000000000000333746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed75b600419c8832021-12-21 10:21:56.195root 11241100x8000000000000000333747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272df7e920944c412021-12-21 10:21:56.195root 11241100x8000000000000000333748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc95fb7cd3cc27d02021-12-21 10:21:56.196root 11241100x8000000000000000333749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40b2b6c4866a4cf2021-12-21 10:21:56.196root 11241100x8000000000000000333750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ebe536050632cd2021-12-21 10:21:56.196root 11241100x8000000000000000333751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98cf090f06651972021-12-21 10:21:56.196root 11241100x8000000000000000333752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0382f1ee7f0f7ac82021-12-21 10:21:56.196root 11241100x8000000000000000333753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94f18b64bc98faf2021-12-21 10:21:56.196root 11241100x8000000000000000333754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d4dd85d3d8cdad2021-12-21 10:21:56.197root 11241100x8000000000000000333755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775f5a8c2d6aafa62021-12-21 10:21:56.197root 11241100x8000000000000000333756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8523e556e95a9ee92021-12-21 10:21:56.197root 11241100x8000000000000000333757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4911ec1b19855c8b2021-12-21 10:21:56.197root 11241100x8000000000000000333758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918235871c2f83732021-12-21 10:21:56.197root 11241100x8000000000000000333759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8637383223fc27432021-12-21 10:21:56.197root 11241100x8000000000000000333760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ce198f6e68746d2021-12-21 10:21:56.197root 11241100x8000000000000000333761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6462fb10ba54222021-12-21 10:21:56.197root 11241100x8000000000000000333762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea1079eee30fc912021-12-21 10:21:56.198root 11241100x8000000000000000333763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a221d02cebef199b2021-12-21 10:21:56.198root 11241100x8000000000000000333764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fade377ee054cbcd2021-12-21 10:21:56.198root 11241100x8000000000000000333765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd1da806230f0af2021-12-21 10:21:56.198root 11241100x8000000000000000333766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4e413a79fae45a2021-12-21 10:21:56.198root 11241100x8000000000000000333767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f2448e5a49daba2021-12-21 10:21:56.198root 11241100x8000000000000000333768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f631aff07734672d2021-12-21 10:21:56.198root 11241100x8000000000000000333769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c79032c67a4d9a2021-12-21 10:21:56.198root 11241100x8000000000000000333770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5042522e2b4e872021-12-21 10:21:56.199root 11241100x8000000000000000333771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944a152ec41bb69c2021-12-21 10:21:56.199root 11241100x8000000000000000333772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fc8346cb3e7ccc2021-12-21 10:21:56.199root 11241100x8000000000000000333773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156caec7fa331c7b2021-12-21 10:21:56.199root 11241100x8000000000000000333774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6916a24ff7b4e82021-12-21 10:21:56.199root 11241100x8000000000000000333775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8cc00ab613c0642021-12-21 10:21:56.199root 11241100x8000000000000000333776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312ecc0fd7fc00f72021-12-21 10:21:56.199root 11241100x8000000000000000333777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21024cf4a42f2a02021-12-21 10:21:56.693root 11241100x8000000000000000333778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddef635feb17ed2a2021-12-21 10:21:56.693root 11241100x8000000000000000333779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c773e52571a6962021-12-21 10:21:56.693root 11241100x8000000000000000333780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844bc738c86457c32021-12-21 10:21:56.693root 11241100x8000000000000000333781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4961592af08bb5b2021-12-21 10:21:56.693root 11241100x8000000000000000333782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea153b27ec88d4d52021-12-21 10:21:56.694root 11241100x8000000000000000333783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e619623089a12f22021-12-21 10:21:56.694root 11241100x8000000000000000333784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d73a8bb3aef552e2021-12-21 10:21:56.694root 11241100x8000000000000000333785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7526c382afbadb92021-12-21 10:21:56.694root 11241100x8000000000000000333786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbbaca2b319cbf32021-12-21 10:21:56.694root 11241100x8000000000000000333787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c199f757450293e62021-12-21 10:21:56.694root 11241100x8000000000000000333788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1538224f5ece53732021-12-21 10:21:56.694root 11241100x8000000000000000333789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936340061918eb0e2021-12-21 10:21:56.694root 11241100x8000000000000000333790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8557ba7767472f182021-12-21 10:21:56.694root 11241100x8000000000000000333791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3f1cbabe4a512c2021-12-21 10:21:56.694root 11241100x8000000000000000333792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4a9f883f0526152021-12-21 10:21:56.694root 11241100x8000000000000000333793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f515bfe56e525be02021-12-21 10:21:56.695root 11241100x8000000000000000333794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8322d02c32181bd2021-12-21 10:21:56.695root 11241100x8000000000000000333795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a89c808add275302021-12-21 10:21:56.695root 11241100x8000000000000000333796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e006960768b43b72021-12-21 10:21:56.695root 11241100x8000000000000000333797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aed95d39f90a6112021-12-21 10:21:56.695root 11241100x8000000000000000333798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a2c3673c656a5d2021-12-21 10:21:56.695root 11241100x8000000000000000333799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5f9a1873c4da082021-12-21 10:21:56.695root 11241100x8000000000000000333800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2912e63d49f0242021-12-21 10:21:56.695root 11241100x8000000000000000333801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c96eb014ebba122021-12-21 10:21:56.695root 11241100x8000000000000000333802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf921ac4b8c36f32021-12-21 10:21:56.696root 11241100x8000000000000000333803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63471b3c428229d82021-12-21 10:21:56.696root 11241100x8000000000000000333804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d86040d73a74d462021-12-21 10:21:56.696root 11241100x8000000000000000333805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27585368c63276f02021-12-21 10:21:56.696root 11241100x8000000000000000333806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c207bfe2a41ad73b2021-12-21 10:21:56.696root 11241100x8000000000000000333807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070cde09070b13a52021-12-21 10:21:56.696root 11241100x8000000000000000333808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c008995881d0772021-12-21 10:21:56.696root 11241100x8000000000000000333809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05f840633201c342021-12-21 10:21:56.696root 11241100x8000000000000000333810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df02807730208732021-12-21 10:21:56.696root 11241100x8000000000000000333811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da2c85377965e252021-12-21 10:21:56.696root 11241100x8000000000000000333812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cab1ff6a09a8f02021-12-21 10:21:57.193root 11241100x8000000000000000333813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c89a75ecd5ad1e92021-12-21 10:21:57.193root 11241100x8000000000000000333814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d0a0431aaeca9a2021-12-21 10:21:57.193root 11241100x8000000000000000333815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e92d020e598945b2021-12-21 10:21:57.193root 11241100x8000000000000000333816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f0e60d21b64aaf2021-12-21 10:21:57.194root 11241100x8000000000000000333817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53415d3b996fcb82021-12-21 10:21:57.194root 11241100x8000000000000000333818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843020460ca4f3d22021-12-21 10:21:57.194root 11241100x8000000000000000333819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a426e426894a0b842021-12-21 10:21:57.194root 11241100x8000000000000000333820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702c8eab4220efe72021-12-21 10:21:57.194root 11241100x8000000000000000333821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bcca03aac7ff9e2021-12-21 10:21:57.194root 11241100x8000000000000000333822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e816ba29cac4e4f72021-12-21 10:21:57.194root 11241100x8000000000000000333823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f076d0c0b369851d2021-12-21 10:21:57.194root 11241100x8000000000000000333824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b74fe77919b876a2021-12-21 10:21:57.194root 11241100x8000000000000000333825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3bfd6b407e8d352021-12-21 10:21:57.195root 11241100x8000000000000000333826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ef673c4a65a6332021-12-21 10:21:57.195root 11241100x8000000000000000333827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d743111a9b8b2f2021-12-21 10:21:57.195root 11241100x8000000000000000333828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28355333d40567f2021-12-21 10:21:57.195root 11241100x8000000000000000333829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5548cdc91bbbe1122021-12-21 10:21:57.195root 11241100x8000000000000000333830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3024271be59da5982021-12-21 10:21:57.195root 11241100x8000000000000000333831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783352ef4783fd862021-12-21 10:21:57.195root 11241100x8000000000000000333832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f39ef0ce71b527c2021-12-21 10:21:57.195root 11241100x8000000000000000333833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf363f4963e696732021-12-21 10:21:57.195root 11241100x8000000000000000333834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbafc050b76a7012021-12-21 10:21:57.195root 11241100x8000000000000000333835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcae0a467c08b8e2021-12-21 10:21:57.196root 11241100x8000000000000000333836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a608ade88a3d9c862021-12-21 10:21:57.196root 11241100x8000000000000000333837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab68a4e50fd039f2021-12-21 10:21:57.196root 11241100x8000000000000000333838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd9e252c2580da72021-12-21 10:21:57.196root 11241100x8000000000000000333839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de024a3e76ec2cd52021-12-21 10:21:57.196root 11241100x8000000000000000333840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb5e412ad6605282021-12-21 10:21:57.196root 11241100x8000000000000000333841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d97564b08ae432f2021-12-21 10:21:57.196root 11241100x8000000000000000333842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc7384907bc634e2021-12-21 10:21:57.196root 11241100x8000000000000000333843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9edf834fbe216212021-12-21 10:21:57.196root 11241100x8000000000000000333844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad9592efcf0a02f2021-12-21 10:21:57.197root 11241100x8000000000000000333845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd381af38777bed2021-12-21 10:21:57.197root 11241100x8000000000000000333846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b40403a11de47222021-12-21 10:21:57.197root 11241100x8000000000000000333847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128d75b0b79747042021-12-21 10:21:57.197root 11241100x8000000000000000333848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456a518c2426f8922021-12-21 10:21:57.197root 11241100x8000000000000000333849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b4c24f4ae703632021-12-21 10:21:57.197root 11241100x8000000000000000333850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef258e3b87272322021-12-21 10:21:57.197root 11241100x8000000000000000333851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a13084ac2ed29d92021-12-21 10:21:57.197root 11241100x8000000000000000333852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b9c63d6076d30c2021-12-21 10:21:57.197root 11241100x8000000000000000333853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51553961712a225a2021-12-21 10:21:57.693root 11241100x8000000000000000333854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11ed6d715c660702021-12-21 10:21:57.693root 11241100x8000000000000000333855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b71d4d5073a4602021-12-21 10:21:57.694root 11241100x8000000000000000333856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02aa4f646ea2d8b2021-12-21 10:21:57.694root 11241100x8000000000000000333857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619d5ebfb338857d2021-12-21 10:21:57.694root 11241100x8000000000000000333858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4415a6e23089a7a32021-12-21 10:21:57.694root 11241100x8000000000000000333859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea3f93f4e8c30032021-12-21 10:21:57.694root 11241100x8000000000000000333860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdabf73db4241eb22021-12-21 10:21:57.695root 11241100x8000000000000000333861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ae59a0a3211aa22021-12-21 10:21:57.695root 11241100x8000000000000000333862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626f077d576f884a2021-12-21 10:21:57.695root 11241100x8000000000000000333863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc258bbf280f94b62021-12-21 10:21:57.695root 11241100x8000000000000000333864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387f873ecb87d01e2021-12-21 10:21:57.695root 11241100x8000000000000000333865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7d45541ee62bda2021-12-21 10:21:57.695root 11241100x8000000000000000333866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e1aef98df46eda2021-12-21 10:21:57.695root 11241100x8000000000000000333867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c033a1e7238ab3ab2021-12-21 10:21:57.696root 11241100x8000000000000000333868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c01020f3d407db2021-12-21 10:21:57.696root 11241100x8000000000000000333869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32614194791f2f92021-12-21 10:21:57.696root 11241100x8000000000000000333870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc32ed046f5786f82021-12-21 10:21:57.696root 11241100x8000000000000000333871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab971a47a4646fc2021-12-21 10:21:57.696root 11241100x8000000000000000333872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165f86d66c8ace962021-12-21 10:21:57.696root 11241100x8000000000000000333873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e50c29c0679915a2021-12-21 10:21:57.696root 11241100x8000000000000000333874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0ed15d1658c5022021-12-21 10:21:57.696root 11241100x8000000000000000333875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e63ab438fe81dce2021-12-21 10:21:57.696root 11241100x8000000000000000333876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b123dcb7260ddab12021-12-21 10:21:57.697root 11241100x8000000000000000333877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765ef712701e17622021-12-21 10:21:57.697root 11241100x8000000000000000333878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f476e8a0c9718a882021-12-21 10:21:57.697root 11241100x8000000000000000333879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9150cf20f771f572021-12-21 10:21:57.697root 11241100x8000000000000000333880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a00d0a6eb681922021-12-21 10:21:57.697root 11241100x8000000000000000333881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72c56d528edf4f42021-12-21 10:21:57.697root 11241100x8000000000000000333882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad98bf6583b37e6f2021-12-21 10:21:57.697root 11241100x8000000000000000333883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347a9dc7da43fd122021-12-21 10:21:57.697root 11241100x8000000000000000333884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3095ee2bd0723e2021-12-21 10:21:57.697root 11241100x8000000000000000333885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df51b14ea4dc56e2021-12-21 10:21:57.697root 11241100x8000000000000000333886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61db362176d43eeb2021-12-21 10:21:57.697root 11241100x8000000000000000333887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc96efb3bb501562021-12-21 10:21:57.697root 11241100x8000000000000000333888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71658ce50f582002021-12-21 10:21:57.697root 11241100x8000000000000000333889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0824aff2ce2f632021-12-21 10:21:57.697root 11241100x8000000000000000333890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0144bca703d7e2302021-12-21 10:21:57.698root 11241100x8000000000000000333891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc10fa29b3ef8f22021-12-21 10:21:57.698root 11241100x8000000000000000333892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d748356095b450ff2021-12-21 10:21:57.698root 11241100x8000000000000000333893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931487858e1805262021-12-21 10:21:57.698root 11241100x8000000000000000333894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc9f010fe5be1d32021-12-21 10:21:57.698root 11241100x8000000000000000333895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811dd9d7dbe7058b2021-12-21 10:21:57.698root 11241100x8000000000000000333896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933344acb3cb58812021-12-21 10:21:57.698root 11241100x8000000000000000333897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feca54b6d9ee63842021-12-21 10:21:57.698root 11241100x8000000000000000333898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436e9f866e992fbe2021-12-21 10:21:57.698root 11241100x8000000000000000333899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a896875669027d2021-12-21 10:21:57.698root 11241100x8000000000000000333900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862353df6a5036062021-12-21 10:21:57.698root 11241100x8000000000000000333901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b731754af0356f2021-12-21 10:21:57.698root 11241100x8000000000000000333902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc9abe2f7e7b50b2021-12-21 10:21:58.193root 11241100x8000000000000000333903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab1521ee47d7f0c2021-12-21 10:21:58.193root 11241100x8000000000000000333904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f0ea97115b3e612021-12-21 10:21:58.193root 11241100x8000000000000000333905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d0f6f46e7b808e2021-12-21 10:21:58.193root 11241100x8000000000000000333906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b226bacf9b2d395c2021-12-21 10:21:58.194root 11241100x8000000000000000333907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a7e199136d5c7b2021-12-21 10:21:58.194root 11241100x8000000000000000333908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2d61954a931f2a2021-12-21 10:21:58.194root 11241100x8000000000000000333909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc179e6891f52c592021-12-21 10:21:58.194root 11241100x8000000000000000333910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a891f637ae7d262021-12-21 10:21:58.194root 11241100x8000000000000000333911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1604b8941b64c0092021-12-21 10:21:58.194root 11241100x8000000000000000333912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7f40a6959346d22021-12-21 10:21:58.194root 11241100x8000000000000000333913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1c5c327d61ba8c2021-12-21 10:21:58.195root 11241100x8000000000000000333914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46bb477255735342021-12-21 10:21:58.195root 11241100x8000000000000000333915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4fc56d03538a232021-12-21 10:21:58.195root 11241100x8000000000000000333916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3670ccbdc5f0eb52021-12-21 10:21:58.195root 11241100x8000000000000000333917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a3ff1134e1e3422021-12-21 10:21:58.195root 11241100x8000000000000000333918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5115191ce4134722021-12-21 10:21:58.195root 11241100x8000000000000000333919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5a4d66b3494d2e2021-12-21 10:21:58.195root 11241100x8000000000000000333920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16133f03640027d2021-12-21 10:21:58.196root 11241100x8000000000000000333921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5f19104b060fef2021-12-21 10:21:58.196root 11241100x8000000000000000333922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4035138af58ad032021-12-21 10:21:58.196root 11241100x8000000000000000333923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458e0ee06fd6131a2021-12-21 10:21:58.196root 11241100x8000000000000000333924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1b1b75c254213e2021-12-21 10:21:58.196root 11241100x8000000000000000333925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4e8538bcc309e12021-12-21 10:21:58.196root 11241100x8000000000000000333926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25edc984a4c57002021-12-21 10:21:58.196root 11241100x8000000000000000333927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42f1dd7921258902021-12-21 10:21:58.196root 11241100x8000000000000000333928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cba38e1cc76a392021-12-21 10:21:58.196root 11241100x8000000000000000333929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d785f0c708af13222021-12-21 10:21:58.196root 11241100x8000000000000000333930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5836e508fb6b5e742021-12-21 10:21:58.196root 11241100x8000000000000000333931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989756d38ba776982021-12-21 10:21:58.197root 11241100x8000000000000000333932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0143df6ce8efa5a72021-12-21 10:21:58.197root 11241100x8000000000000000333933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c66a4cc63560ec2021-12-21 10:21:58.197root 11241100x8000000000000000333934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6de98ce918544db2021-12-21 10:21:58.197root 11241100x8000000000000000333935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d61ee8d9232ec912021-12-21 10:21:58.197root 11241100x8000000000000000333936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd7f1a0402ca12a2021-12-21 10:21:58.197root 11241100x8000000000000000333937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8951d46ad7551b8c2021-12-21 10:21:58.693root 11241100x8000000000000000333938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f056d05e23c0a72021-12-21 10:21:58.693root 11241100x8000000000000000333939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa928083585277ac2021-12-21 10:21:58.694root 11241100x8000000000000000333940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8dd6d488fc7c6b2021-12-21 10:21:58.694root 11241100x8000000000000000333941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e8f9fe2f2332dd2021-12-21 10:21:58.694root 11241100x8000000000000000333942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788faec1fcc26fa42021-12-21 10:21:58.694root 11241100x8000000000000000333943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5562ca07fa8b98542021-12-21 10:21:58.694root 11241100x8000000000000000333944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0053f97e1a6a27872021-12-21 10:21:58.694root 11241100x8000000000000000333945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb13ba666e7ac212021-12-21 10:21:58.694root 11241100x8000000000000000333946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65674e700a3859ac2021-12-21 10:21:58.694root 11241100x8000000000000000333947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ae1823d23bbef42021-12-21 10:21:58.694root 11241100x8000000000000000333948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5875b27a869b092021-12-21 10:21:58.695root 11241100x8000000000000000333949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500cb74941272ff72021-12-21 10:21:58.695root 11241100x8000000000000000333950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3415d76e94e35ed42021-12-21 10:21:58.695root 11241100x8000000000000000333951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4c0d150f2072e42021-12-21 10:21:58.695root 11241100x8000000000000000333952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe335f92f343d0d2021-12-21 10:21:58.696root 11241100x8000000000000000333953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc637e04d93ff2f2021-12-21 10:21:58.696root 11241100x8000000000000000333954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e696900ebabd5cf2021-12-21 10:21:58.696root 11241100x8000000000000000333955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b2bd0e7150bd742021-12-21 10:21:58.696root 11241100x8000000000000000333956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35624663509328422021-12-21 10:21:58.697root 11241100x8000000000000000333957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c474c845146d6302021-12-21 10:21:58.697root 11241100x8000000000000000333958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd9d5ece2ad99d92021-12-21 10:21:58.697root 11241100x8000000000000000333959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82c11dfe172f29a2021-12-21 10:21:58.697root 11241100x8000000000000000333960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9235b8ff55e736b22021-12-21 10:21:58.697root 11241100x8000000000000000333961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8addadf48d84be7c2021-12-21 10:21:58.697root 11241100x8000000000000000333962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ecd67a9f806bb82021-12-21 10:21:58.697root 11241100x8000000000000000333963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ca75382faab6ce2021-12-21 10:21:58.697root 11241100x8000000000000000333964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9beba53f105ffd0c2021-12-21 10:21:58.700root 11241100x8000000000000000333965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e886d6baef7cf25e2021-12-21 10:21:58.700root 11241100x8000000000000000333966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015beeb32771f0122021-12-21 10:21:58.700root 11241100x8000000000000000333967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3fd80e0f7ca2232021-12-21 10:21:58.700root 11241100x8000000000000000333968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f04071e72b94cad2021-12-21 10:21:58.700root 11241100x8000000000000000333969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28700cc92d6efd112021-12-21 10:21:58.700root 11241100x8000000000000000333970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b053f26352bd532021-12-21 10:21:58.701root 11241100x8000000000000000333971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b8bb2bd181c3032021-12-21 10:21:58.701root 11241100x8000000000000000333972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07b1e38266e071f2021-12-21 10:21:59.193root 11241100x8000000000000000333973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4317a71b1c8ec72021-12-21 10:21:59.194root 11241100x8000000000000000333974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de4436ae5fb2dff2021-12-21 10:21:59.194root 11241100x8000000000000000333975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40607c23411ea6602021-12-21 10:21:59.194root 11241100x8000000000000000333976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9bad319200e8162021-12-21 10:21:59.195root 11241100x8000000000000000333977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d998e6edd324c32021-12-21 10:21:59.195root 11241100x8000000000000000333978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d13071fe8ce4392021-12-21 10:21:59.195root 11241100x8000000000000000333979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6df5ef596889eb2021-12-21 10:21:59.195root 11241100x8000000000000000333980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a113eab0f29bd3b2021-12-21 10:21:59.195root 11241100x8000000000000000333981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d8e64543940e182021-12-21 10:21:59.195root 11241100x8000000000000000333982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1c322da8abf9382021-12-21 10:21:59.195root 11241100x8000000000000000333983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1b8ffd63aae7342021-12-21 10:21:59.195root 11241100x8000000000000000333984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682ecf56d5678ece2021-12-21 10:21:59.196root 11241100x8000000000000000333985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f234392ca6a48aa2021-12-21 10:21:59.196root 11241100x8000000000000000333986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7794c8b989aba582021-12-21 10:21:59.196root 11241100x8000000000000000333987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2b40726fe8c8dd2021-12-21 10:21:59.196root 11241100x8000000000000000333988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a469661ccb0322ca2021-12-21 10:21:59.196root 11241100x8000000000000000333989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dae45a795a29a8e2021-12-21 10:21:59.196root 11241100x8000000000000000333990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae01d3001860fa92021-12-21 10:21:59.196root 11241100x8000000000000000333991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4379ef054c2fdf982021-12-21 10:21:59.196root 11241100x8000000000000000333992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ce4fc23860f10d2021-12-21 10:21:59.197root 11241100x8000000000000000333993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f88d60773d63cb2021-12-21 10:21:59.197root 11241100x8000000000000000333994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b4d6083174874d2021-12-21 10:21:59.197root 11241100x8000000000000000333995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e4ba50de7633da2021-12-21 10:21:59.197root 11241100x8000000000000000333996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069901399689d0122021-12-21 10:21:59.197root 11241100x8000000000000000333997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f280de77e8dcc82021-12-21 10:21:59.197root 11241100x8000000000000000333998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7d789713989ca42021-12-21 10:21:59.197root 11241100x8000000000000000333999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7539b6ac4ac321d2021-12-21 10:21:59.197root 11241100x8000000000000000334000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc1b3fb59bd5c5c2021-12-21 10:21:59.197root 11241100x8000000000000000334001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b3c39f17ec31c62021-12-21 10:21:59.198root 11241100x8000000000000000334002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d3b59b8584249a2021-12-21 10:21:59.198root 11241100x8000000000000000334003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33116a2e426085022021-12-21 10:21:59.198root 11241100x8000000000000000334004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15968e45cefaac72021-12-21 10:21:59.198root 11241100x8000000000000000334005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c512ec0118add38d2021-12-21 10:21:59.198root 11241100x8000000000000000334006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc6bf71a197e48c2021-12-21 10:21:59.198root 11241100x8000000000000000334007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320eb0a401bc987f2021-12-21 10:21:59.198root 11241100x8000000000000000334008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f236c21c0d951b52021-12-21 10:21:59.693root 11241100x8000000000000000334009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d6091f5f56230c2021-12-21 10:21:59.693root 11241100x8000000000000000334010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f052a53e4859b322021-12-21 10:21:59.693root 11241100x8000000000000000334011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a596b6b093734aa22021-12-21 10:21:59.694root 11241100x8000000000000000334012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cbe5f2d6335a4e2021-12-21 10:21:59.694root 11241100x8000000000000000334013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5492c8e44f18b872021-12-21 10:21:59.694root 11241100x8000000000000000334014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ea47df3136f8152021-12-21 10:21:59.694root 11241100x8000000000000000334015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b292804eb8a03782021-12-21 10:21:59.695root 11241100x8000000000000000334016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bda104da5b050782021-12-21 10:21:59.695root 11241100x8000000000000000334017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0b3596d0163e772021-12-21 10:21:59.695root 11241100x8000000000000000334018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541d65540b9537e12021-12-21 10:21:59.696root 11241100x8000000000000000334019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa981ab0b3260ce62021-12-21 10:21:59.696root 11241100x8000000000000000334020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a2559f851a03952021-12-21 10:21:59.696root 11241100x8000000000000000334021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b9eb2556e1a0022021-12-21 10:21:59.696root 11241100x8000000000000000334022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12203d7c21a39d652021-12-21 10:21:59.697root 11241100x8000000000000000334023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51cfd321ff7621f2021-12-21 10:21:59.697root 11241100x8000000000000000334024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfc41c9089151ff2021-12-21 10:21:59.697root 11241100x8000000000000000334025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a75e964d3593b72021-12-21 10:21:59.697root 11241100x8000000000000000334026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b22c64954ba2162021-12-21 10:21:59.697root 11241100x8000000000000000334027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712ff9fbb914b5d52021-12-21 10:21:59.697root 11241100x8000000000000000334028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c36f14405cd94b2021-12-21 10:21:59.698root 11241100x8000000000000000334029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c130cc77744507d2021-12-21 10:21:59.698root 11241100x8000000000000000334030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e516310460a8152021-12-21 10:21:59.698root 11241100x8000000000000000334031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8003155b565435b22021-12-21 10:21:59.698root 11241100x8000000000000000334032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8ce2a136796d8b2021-12-21 10:21:59.698root 11241100x8000000000000000334033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffff1f698e7f43ed2021-12-21 10:21:59.698root 11241100x8000000000000000334034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefbe84ec613fbac2021-12-21 10:21:59.698root 11241100x8000000000000000334035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99946cb6f57812932021-12-21 10:21:59.698root 11241100x8000000000000000334036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c28eedeb62ae352021-12-21 10:21:59.699root 11241100x8000000000000000334037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02464d691d18d5462021-12-21 10:21:59.699root 11241100x8000000000000000334038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc08d86348a9aa012021-12-21 10:21:59.699root 11241100x8000000000000000334039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7811c9cb211c5c32021-12-21 10:21:59.699root 11241100x8000000000000000334040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbb956a27f02df72021-12-21 10:21:59.699root 11241100x8000000000000000334041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f2afa6d4b079fc2021-12-21 10:21:59.699root 11241100x8000000000000000334042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f947f41698bf802021-12-21 10:21:59.699root 11241100x8000000000000000334043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cf6805e88d585e2021-12-21 10:21:59.699root 11241100x8000000000000000334044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c275ac7aac39b02f2021-12-21 10:21:59.700root 11241100x8000000000000000334045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc09a5cd36c964a2021-12-21 10:21:59.700root 354300x8000000000000000334046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.079{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-46994-false10.0.1.12-8000- 11241100x8000000000000000334047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f77e652e5b370082021-12-21 10:22:00.080root 11241100x8000000000000000334048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6eb0ba19984a752021-12-21 10:22:00.080root 11241100x8000000000000000334049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358aa5fdde69c0d02021-12-21 10:22:00.080root 11241100x8000000000000000334050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c8ab342ef691742021-12-21 10:22:00.080root 11241100x8000000000000000334051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67efe982e09ffda82021-12-21 10:22:00.080root 11241100x8000000000000000334052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc3d4b8e6d3a6c92021-12-21 10:22:00.080root 11241100x8000000000000000334053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202f6c9590fe16c82021-12-21 10:22:00.080root 11241100x8000000000000000334054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9628974d45b586f2021-12-21 10:22:00.081root 11241100x8000000000000000334055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635137423efecf1f2021-12-21 10:22:00.081root 11241100x8000000000000000334056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb0ca5f1228d6ac2021-12-21 10:22:00.081root 11241100x8000000000000000334057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754a0d7df2d50e5d2021-12-21 10:22:00.081root 11241100x8000000000000000334058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3daa0e33751daa5d2021-12-21 10:22:00.081root 11241100x8000000000000000334059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18c3df6b471a61d2021-12-21 10:22:00.081root 11241100x8000000000000000334060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc781b9ddfc8752f2021-12-21 10:22:00.081root 11241100x8000000000000000334061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec16ef4daab395e12021-12-21 10:22:00.081root 11241100x8000000000000000334062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf8da73446980f42021-12-21 10:22:00.082root 11241100x8000000000000000334063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701b829a67f66b5d2021-12-21 10:22:00.082root 11241100x8000000000000000334064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45da942eb021e8512021-12-21 10:22:00.082root 11241100x8000000000000000334065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57652987d48d5eb82021-12-21 10:22:00.082root 11241100x8000000000000000334066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626c7b00799e3e5c2021-12-21 10:22:00.082root 11241100x8000000000000000334067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeba7b7a983c34b32021-12-21 10:22:00.082root 11241100x8000000000000000334068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3f1445e70d16942021-12-21 10:22:00.082root 11241100x8000000000000000334069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d43e8f61f1b11202021-12-21 10:22:00.082root 11241100x8000000000000000334070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c83d32b8529b852021-12-21 10:22:00.083root 11241100x8000000000000000334071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1050976cdb84fd2021-12-21 10:22:00.083root 11241100x8000000000000000334072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390e5436be50708b2021-12-21 10:22:00.083root 11241100x8000000000000000334073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c549603ccab9ca6e2021-12-21 10:22:00.083root 11241100x8000000000000000334074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a42a00dec75e7a2021-12-21 10:22:00.083root 11241100x8000000000000000334075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2bcf75d2608c812021-12-21 10:22:00.084root 11241100x8000000000000000334076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca24d57ad5df3e042021-12-21 10:22:00.084root 11241100x8000000000000000334077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8ffd56678bf8662021-12-21 10:22:00.084root 11241100x8000000000000000334078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac4f88a682eddda2021-12-21 10:22:00.084root 11241100x8000000000000000334079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de81a4fea07fb132021-12-21 10:22:00.084root 11241100x8000000000000000334080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958d1eb46f8106d52021-12-21 10:22:00.084root 11241100x8000000000000000334081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a3c358c22ad1212021-12-21 10:22:00.084root 11241100x8000000000000000334082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072e1b666468934c2021-12-21 10:22:00.084root 11241100x8000000000000000334083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecac241e4aa72f792021-12-21 10:22:00.084root 11241100x8000000000000000334084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0720c345f5dc3c2021-12-21 10:22:00.084root 11241100x8000000000000000334085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8933bbac347724662021-12-21 10:22:00.085root 11241100x8000000000000000334086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c779efb3e9381ed42021-12-21 10:22:00.085root 11241100x8000000000000000334087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9022ec3d265057ba2021-12-21 10:22:00.085root 11241100x8000000000000000334088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecb5fdcb73415c12021-12-21 10:22:00.085root 11241100x8000000000000000334089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4886855434cb4442021-12-21 10:22:00.085root 11241100x8000000000000000334090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9bd9f172cab7822021-12-21 10:22:00.085root 11241100x8000000000000000334091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864e884b1986e7942021-12-21 10:22:00.085root 11241100x8000000000000000334092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1629397ae54f7fc92021-12-21 10:22:00.085root 11241100x8000000000000000334093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8dfbb2592aeeea92021-12-21 10:22:00.086root 11241100x8000000000000000334094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c56df5b7aaf31a62021-12-21 10:22:00.086root 11241100x8000000000000000334095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75169e9a1d7c7462021-12-21 10:22:00.086root 11241100x8000000000000000334096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9343b6268cd2d0162021-12-21 10:22:00.086root 11241100x8000000000000000334097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f54fdfda5eb43a2021-12-21 10:22:00.086root 11241100x8000000000000000334098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b69c6178e311e92021-12-21 10:22:00.086root 11241100x8000000000000000334099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92a4d0e4dee46612021-12-21 10:22:00.086root 11241100x8000000000000000334100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8221e685112128a2021-12-21 10:22:00.087root 11241100x8000000000000000334101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4cba02a169712d2021-12-21 10:22:00.087root 11241100x8000000000000000334102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8b260d37e26f8c2021-12-21 10:22:00.087root 11241100x8000000000000000334103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea310ab144fd3672021-12-21 10:22:00.087root 11241100x8000000000000000334104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854df210e77a4a5e2021-12-21 10:22:00.087root 11241100x8000000000000000334105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21811990576c312b2021-12-21 10:22:00.087root 11241100x8000000000000000334106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e552067294efe2df2021-12-21 10:22:00.087root 11241100x8000000000000000334107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26534cd8d02fcb802021-12-21 10:22:00.087root 11241100x8000000000000000334108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92ed92f4afb3b2c2021-12-21 10:22:00.087root 11241100x8000000000000000334109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264a0ce782104ef32021-12-21 10:22:00.087root 11241100x8000000000000000334110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101e5fb507b11def2021-12-21 10:22:00.087root 11241100x8000000000000000334111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1687905768b83372021-12-21 10:22:00.088root 11241100x8000000000000000334112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d366b9071b26802021-12-21 10:22:00.088root 11241100x8000000000000000334113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e67df854599386e2021-12-21 10:22:00.088root 11241100x8000000000000000334114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8de9c344a33ba22021-12-21 10:22:00.088root 11241100x8000000000000000334115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f658da8aa957aa62021-12-21 10:22:00.088root 11241100x8000000000000000334116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae7feb7406fd3b12021-12-21 10:22:00.088root 11241100x8000000000000000334117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bdd34a1d3cdd902021-12-21 10:22:00.088root 11241100x8000000000000000334118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fa0ce1040f73772021-12-21 10:22:00.089root 11241100x8000000000000000334119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3273a7d1f9045eea2021-12-21 10:22:00.089root 11241100x8000000000000000334120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0047996e78a5e0ef2021-12-21 10:22:00.089root 11241100x8000000000000000334121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7ee6ceb6cbca402021-12-21 10:22:00.443root 11241100x8000000000000000334122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323ebfef3d67f39a2021-12-21 10:22:00.443root 11241100x8000000000000000334123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdbf0ccd6be19172021-12-21 10:22:00.443root 11241100x8000000000000000334124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d4c9ac226c83ff2021-12-21 10:22:00.443root 11241100x8000000000000000334125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e862e7a42977ec2021-12-21 10:22:00.443root 11241100x8000000000000000334126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecb5d0cf85adf632021-12-21 10:22:00.443root 11241100x8000000000000000334127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8eb56d496ec11492021-12-21 10:22:00.443root 11241100x8000000000000000334128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d69b1fe41f114e2021-12-21 10:22:00.443root 11241100x8000000000000000334129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbf00563808a12c2021-12-21 10:22:00.444root 11241100x8000000000000000334130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85af9a0e62f50142021-12-21 10:22:00.444root 11241100x8000000000000000334131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bef554e614c5bf2021-12-21 10:22:00.445root 11241100x8000000000000000334132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69df0b06a6e1fcd62021-12-21 10:22:00.445root 11241100x8000000000000000334133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b342627ef4c7c712021-12-21 10:22:00.445root 11241100x8000000000000000334134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d071318ebb1476e72021-12-21 10:22:00.446root 11241100x8000000000000000334135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388354251223c5142021-12-21 10:22:00.446root 11241100x8000000000000000334136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c607557b85ea6832021-12-21 10:22:00.446root 11241100x8000000000000000334137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5a8027c95b56722021-12-21 10:22:00.446root 11241100x8000000000000000334138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b479f21ee34d73c12021-12-21 10:22:00.447root 11241100x8000000000000000334139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e0b7d7b822a6c12021-12-21 10:22:00.447root 11241100x8000000000000000334140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc0bc41cb87f0be2021-12-21 10:22:00.447root 11241100x8000000000000000334141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134986f6e54d8c8b2021-12-21 10:22:00.447root 11241100x8000000000000000334142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4fa61bea7309932021-12-21 10:22:00.447root 11241100x8000000000000000334143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fa2c37c93b5d222021-12-21 10:22:00.448root 11241100x8000000000000000334144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db49a9f7945a43702021-12-21 10:22:00.448root 11241100x8000000000000000334145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7517b66735fd6ed2021-12-21 10:22:00.448root 11241100x8000000000000000334146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d48971555fff8f2021-12-21 10:22:00.448root 11241100x8000000000000000334147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4eec25c9d6c5e42021-12-21 10:22:00.448root 11241100x8000000000000000334148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43a48df875f32d32021-12-21 10:22:00.449root 11241100x8000000000000000334149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fd8a43bca56f132021-12-21 10:22:00.449root 11241100x8000000000000000334150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904415d900c068d82021-12-21 10:22:00.449root 11241100x8000000000000000334151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b23b67658810702021-12-21 10:22:00.449root 11241100x8000000000000000334152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd51745b33513b02021-12-21 10:22:00.449root 11241100x8000000000000000334153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa5b0b2e41cd51f2021-12-21 10:22:00.450root 11241100x8000000000000000334154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b267628a7f3219a2021-12-21 10:22:00.450root 11241100x8000000000000000334155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa5654e0d0965dc2021-12-21 10:22:00.450root 11241100x8000000000000000334156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e97827324a21652021-12-21 10:22:00.450root 11241100x8000000000000000334157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb41b475326ff8a2021-12-21 10:22:00.451root 11241100x8000000000000000334158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c30709b317708aa2021-12-21 10:22:00.451root 11241100x8000000000000000334159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945aec5c89c781a92021-12-21 10:22:00.451root 11241100x8000000000000000334160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474b7308d251828e2021-12-21 10:22:00.451root 11241100x8000000000000000334161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaff8fed97caec2b2021-12-21 10:22:00.451root 11241100x8000000000000000334162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9a255f003b62da2021-12-21 10:22:00.451root 11241100x8000000000000000334163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f51676ade7a2a922021-12-21 10:22:00.451root 11241100x8000000000000000334164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245804d899efd0ad2021-12-21 10:22:00.452root 11241100x8000000000000000334165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.698{ec2b6afe-aac8-61c1-e0f7-1f3839560000}5584/usr/sbin/sshd/proc/5584/oom_score_adj2021-12-21 10:22:00.698root 154100x8000000000000000334166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.698{ec2b6afe-aac8-61c1-e0a7-07c689550000}5584/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1173--- 11241100x8000000000000000334167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45353193cc20f6562021-12-21 10:22:00.699root 11241100x8000000000000000334168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9c2752f60149f12021-12-21 10:22:00.699root 11241100x8000000000000000334169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c41a9a328ed83ed2021-12-21 10:22:00.700root 11241100x8000000000000000334170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac45b72d793b5a92021-12-21 10:22:00.700root 11241100x8000000000000000334171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f42d0f62e5fb452021-12-21 10:22:00.700root 11241100x8000000000000000334172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c80128b6ed2f4c72021-12-21 10:22:00.700root 11241100x8000000000000000334173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f050f57b432f25262021-12-21 10:22:00.701root 11241100x8000000000000000334174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24368f98a70ed5572021-12-21 10:22:00.701root 11241100x8000000000000000334175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7835c2b5854b29b92021-12-21 10:22:00.701root 11241100x8000000000000000334176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43294487c23844d02021-12-21 10:22:00.702root 11241100x8000000000000000334177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e41d00475ad7ea42021-12-21 10:22:00.702root 11241100x8000000000000000334178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04600ff9011b65262021-12-21 10:22:00.703root 11241100x8000000000000000334179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0494c4e285a32e32021-12-21 10:22:00.703root 11241100x8000000000000000334180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fe910392c1c2da2021-12-21 10:22:00.704root 11241100x8000000000000000334181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cf8ed782b416822021-12-21 10:22:00.704root 11241100x8000000000000000334182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d428e3df604c848f2021-12-21 10:22:00.704root 11241100x8000000000000000334183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f79c83d4ee043222021-12-21 10:22:00.704root 11241100x8000000000000000334184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc5d06baeb1a6a22021-12-21 10:22:00.704root 11241100x8000000000000000334185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148a62cfe2e3a3232021-12-21 10:22:00.705root 11241100x8000000000000000334186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436caa514077c8e32021-12-21 10:22:00.705root 11241100x8000000000000000334187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbe05638d20664b2021-12-21 10:22:00.705root 11241100x8000000000000000334188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3311dcbe2666fa372021-12-21 10:22:00.705root 11241100x8000000000000000334189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee0edeecec389d12021-12-21 10:22:00.705root 11241100x8000000000000000334190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d50d7aa716375a2021-12-21 10:22:00.706root 11241100x8000000000000000334191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecdc0e7da95310c2021-12-21 10:22:00.706root 11241100x8000000000000000334192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fab4a3b94742a612021-12-21 10:22:00.706root 11241100x8000000000000000334193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92823a7827c1b5d2021-12-21 10:22:00.706root 11241100x8000000000000000334194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93caf4962bd2fc322021-12-21 10:22:00.706root 11241100x8000000000000000334195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fab0a5f1613dd52021-12-21 10:22:00.707root 11241100x8000000000000000334196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5fe6f1328456212021-12-21 10:22:00.707root 11241100x8000000000000000334197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37063a7aeddcf662021-12-21 10:22:00.707root 11241100x8000000000000000334198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5985897162d23ee2021-12-21 10:22:00.707root 11241100x8000000000000000334199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dea30c7c1f42ed92021-12-21 10:22:00.707root 11241100x8000000000000000334200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101669c10e90c1d32021-12-21 10:22:00.707root 11241100x8000000000000000334201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f9646b99519c972021-12-21 10:22:00.707root 11241100x8000000000000000334202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fa037a958b11192021-12-21 10:22:00.708root 11241100x8000000000000000334203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6002baaad63aab052021-12-21 10:22:00.708root 11241100x8000000000000000334204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc371b51dc347d92021-12-21 10:22:00.708root 11241100x8000000000000000334205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1f3d40bbaf17232021-12-21 10:22:00.708root 11241100x8000000000000000334206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c03cffaafcb7b982021-12-21 10:22:00.708root 11241100x8000000000000000334207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101f81709f4e45862021-12-21 10:22:00.708root 11241100x8000000000000000334208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46df958489d889b02021-12-21 10:22:00.708root 11241100x8000000000000000334209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fe901161cd929c2021-12-21 10:22:00.708root 11241100x8000000000000000334210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3c11f828a703482021-12-21 10:22:00.708root 11241100x8000000000000000334211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e421ac802e989b1a2021-12-21 10:22:00.709root 11241100x8000000000000000334212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db23edb17a8e22e82021-12-21 10:22:00.709root 11241100x8000000000000000334213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7588baae7036f8f2021-12-21 10:22:00.709root 11241100x8000000000000000334214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e04d69cad0db0cc2021-12-21 10:22:00.709root 11241100x8000000000000000334215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ece4c809c7f60a92021-12-21 10:22:00.709root 11241100x8000000000000000334216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4316e4e75c2784572021-12-21 10:22:01.193root 11241100x8000000000000000334217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60e0ec25c9bea192021-12-21 10:22:01.193root 11241100x8000000000000000334218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14346788b3db40742021-12-21 10:22:01.193root 11241100x8000000000000000334219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4ee31b52f5b9742021-12-21 10:22:01.193root 11241100x8000000000000000334220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f60c3df470eb2ae2021-12-21 10:22:01.194root 11241100x8000000000000000334221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25626ada69c284d52021-12-21 10:22:01.194root 11241100x8000000000000000334222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6cfbf2ae26845c2021-12-21 10:22:01.194root 11241100x8000000000000000334223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbb2a34ff943efe2021-12-21 10:22:01.194root 11241100x8000000000000000334224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f19c727e2de6322021-12-21 10:22:01.194root 11241100x8000000000000000334225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbabc1cb6b68a232021-12-21 10:22:01.194root 11241100x8000000000000000334226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee4c244a890adcb2021-12-21 10:22:01.194root 11241100x8000000000000000334227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21a7d524740eea72021-12-21 10:22:01.195root 11241100x8000000000000000334228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9c162d880231852021-12-21 10:22:01.195root 11241100x8000000000000000334229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f20a292018a98e12021-12-21 10:22:01.195root 11241100x8000000000000000334230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb0613f566f4eef2021-12-21 10:22:01.195root 11241100x8000000000000000334231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3c2669bd3b53b72021-12-21 10:22:01.195root 11241100x8000000000000000334232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff44834c28688b12021-12-21 10:22:01.195root 11241100x8000000000000000334233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d8f4a295bad6e72021-12-21 10:22:01.195root 11241100x8000000000000000334234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a912e62dc81b94442021-12-21 10:22:01.196root 11241100x8000000000000000334235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a857530d4dbf892b2021-12-21 10:22:01.196root 11241100x8000000000000000334236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54697f2d9218a4a2021-12-21 10:22:01.196root 11241100x8000000000000000334237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670473428910a8322021-12-21 10:22:01.196root 11241100x8000000000000000334238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731b153a74dcd6d52021-12-21 10:22:01.196root 11241100x8000000000000000334239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe646241451ff4032021-12-21 10:22:01.196root 11241100x8000000000000000334240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bac6b9abb7d0cb32021-12-21 10:22:01.196root 11241100x8000000000000000334241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327b6cd9e756f7fe2021-12-21 10:22:01.197root 11241100x8000000000000000334242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13f5670548eb42c2021-12-21 10:22:01.197root 11241100x8000000000000000334243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd80ebc5613b383d2021-12-21 10:22:01.197root 11241100x8000000000000000334244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9812ac57f9b3f3b2021-12-21 10:22:01.197root 11241100x8000000000000000334245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fa95b22c1e849f2021-12-21 10:22:01.197root 11241100x8000000000000000334246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71494daddbcc363d2021-12-21 10:22:01.197root 11241100x8000000000000000334247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81130411fa9244aa2021-12-21 10:22:01.198root 11241100x8000000000000000334248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cea6d058cab97a2021-12-21 10:22:01.198root 11241100x8000000000000000334249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5055d9800688b6732021-12-21 10:22:01.198root 11241100x8000000000000000334250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34413c2480e60e9e2021-12-21 10:22:01.198root 11241100x8000000000000000334251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38ef5fd1006a7152021-12-21 10:22:01.198root 11241100x8000000000000000334252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54c422b0c9fcbe12021-12-21 10:22:01.198root 11241100x8000000000000000334253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b4de3bfce120d42021-12-21 10:22:01.198root 11241100x8000000000000000334254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b480762fc2ad14f52021-12-21 10:22:01.199root 11241100x8000000000000000334255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e14152abe1e2fed2021-12-21 10:22:01.199root 11241100x8000000000000000334256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697521ed688d93942021-12-21 10:22:01.199root 11241100x8000000000000000334257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d765b392816db82021-12-21 10:22:01.199root 11241100x8000000000000000334258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487daf348a4fe79b2021-12-21 10:22:01.199root 11241100x8000000000000000334259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ecf13793757e2a2021-12-21 10:22:01.199root 11241100x8000000000000000334260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a04813f330d2782021-12-21 10:22:01.199root 11241100x8000000000000000334261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7100702715357642021-12-21 10:22:01.199root 11241100x8000000000000000334262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef753ad331f50e52021-12-21 10:22:01.200root 11241100x8000000000000000334263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbc29abe74496302021-12-21 10:22:01.200root 11241100x8000000000000000334264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df01f28bc1f199542021-12-21 10:22:01.200root 11241100x8000000000000000334265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d3c2e09e624cd82021-12-21 10:22:01.200root 11241100x8000000000000000334266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b024538cdaba38e2021-12-21 10:22:01.200root 11241100x8000000000000000334267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebb78a32752d42f2021-12-21 10:22:01.200root 11241100x8000000000000000334268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ffbc4c25cbf0a32021-12-21 10:22:01.200root 11241100x8000000000000000334269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5443a5de3fa4e4172021-12-21 10:22:01.200root 11241100x8000000000000000334270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d470c78c13817062021-12-21 10:22:01.200root 11241100x8000000000000000334271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248df5a07ab2d1ae2021-12-21 10:22:01.200root 11241100x8000000000000000334272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c3dac88dade82e2021-12-21 10:22:01.201root 11241100x8000000000000000334273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e4791a851bfee42021-12-21 10:22:01.693root 11241100x8000000000000000334274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72f21475453a13a2021-12-21 10:22:01.693root 11241100x8000000000000000334275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006acfa6ad84dbd02021-12-21 10:22:01.693root 11241100x8000000000000000334276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2537b81a30b65bd2021-12-21 10:22:01.693root 11241100x8000000000000000334277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca5e24d977288692021-12-21 10:22:01.693root 11241100x8000000000000000334278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250aa9dcce4314032021-12-21 10:22:01.693root 11241100x8000000000000000334279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffc48cb30d69e042021-12-21 10:22:01.693root 11241100x8000000000000000334280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0473499a87f938482021-12-21 10:22:01.693root 11241100x8000000000000000334281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a756ef074d6f0b2021-12-21 10:22:01.693root 11241100x8000000000000000334282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556507ca15b4dbe12021-12-21 10:22:01.693root 11241100x8000000000000000334283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882cae877b08ffd32021-12-21 10:22:01.693root 11241100x8000000000000000334284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d11e4e9b51a59112021-12-21 10:22:01.693root 11241100x8000000000000000334285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae67694412bb025c2021-12-21 10:22:01.694root 11241100x8000000000000000334286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0638019ff8714db72021-12-21 10:22:01.694root 11241100x8000000000000000334287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8225acea59e90c2021-12-21 10:22:01.694root 11241100x8000000000000000334288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16a1883645f53112021-12-21 10:22:01.694root 11241100x8000000000000000334289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b0a35cb74a10d52021-12-21 10:22:01.694root 11241100x8000000000000000334290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4580851f106dceb2021-12-21 10:22:01.694root 11241100x8000000000000000334291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db7e714204118232021-12-21 10:22:01.694root 11241100x8000000000000000334292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601ecbb8eaeb64972021-12-21 10:22:01.694root 11241100x8000000000000000334293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbef4f14f0a7bae22021-12-21 10:22:01.695root 11241100x8000000000000000334294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bc7098e521a7712021-12-21 10:22:01.695root 11241100x8000000000000000334295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f4e461ed13c48c2021-12-21 10:22:01.695root 11241100x8000000000000000334296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4775b3023e767a42021-12-21 10:22:01.695root 11241100x8000000000000000334297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6909addda7466b2021-12-21 10:22:01.695root 11241100x8000000000000000334298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3361be38e5c9ea22021-12-21 10:22:01.695root 11241100x8000000000000000334299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650d30b8b89ef4112021-12-21 10:22:01.696root 11241100x8000000000000000334300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ed4bbe33641c1c2021-12-21 10:22:01.696root 11241100x8000000000000000334301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f99131643b64212021-12-21 10:22:01.696root 11241100x8000000000000000334302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd316bca0f030262021-12-21 10:22:01.696root 11241100x8000000000000000334303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439d3c992640260f2021-12-21 10:22:01.696root 11241100x8000000000000000334304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d30b72f2ae20422021-12-21 10:22:01.696root 11241100x8000000000000000334305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934892df2b46b4fd2021-12-21 10:22:01.696root 11241100x8000000000000000334306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b44092b42a5b0f12021-12-21 10:22:01.696root 11241100x8000000000000000334307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0007d5990eba7c022021-12-21 10:22:01.697root 11241100x8000000000000000334308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7182095fb5b4f32021-12-21 10:22:01.697root 11241100x8000000000000000334309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e654360de0694cc2021-12-21 10:22:01.697root 11241100x8000000000000000334310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d67927c8ffff7382021-12-21 10:22:01.697root 11241100x8000000000000000334311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4a3815fff14c212021-12-21 10:22:01.697root 11241100x8000000000000000334312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1f8849c19a44642021-12-21 10:22:01.697root 11241100x8000000000000000334313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c8facdf14b00fa2021-12-21 10:22:01.697root 11241100x8000000000000000334314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b76c78288149c32021-12-21 10:22:01.697root 11241100x8000000000000000334315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6143350f9746dd632021-12-21 10:22:01.697root 11241100x8000000000000000334316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9b44c77b3ed59e2021-12-21 10:22:01.698root 11241100x8000000000000000334317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ad9163ce7e640a2021-12-21 10:22:01.698root 11241100x8000000000000000334318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18d5f977a600c372021-12-21 10:22:01.698root 11241100x8000000000000000334319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c050d1cdc2eded72021-12-21 10:22:01.698root 11241100x8000000000000000334320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950945a0920fa27e2021-12-21 10:22:01.698root 11241100x8000000000000000334321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fef0f36eed75cbd2021-12-21 10:22:01.698root 11241100x8000000000000000334322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6b4c31f83ef43d2021-12-21 10:22:01.698root 11241100x8000000000000000334323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db18950e0b0c9aee2021-12-21 10:22:01.699root 11241100x8000000000000000334324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ec531f8c64db942021-12-21 10:22:01.699root 11241100x8000000000000000334325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96eec9a6de50aafb2021-12-21 10:22:01.699root 11241100x8000000000000000334326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999a9759e5a7dbf12021-12-21 10:22:01.699root 11241100x8000000000000000334327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45282abb2d2b4b402021-12-21 10:22:01.699root 11241100x8000000000000000334328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f40db53472529f22021-12-21 10:22:01.699root 11241100x8000000000000000334329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def07e7c0c2705112021-12-21 10:22:01.700root 11241100x8000000000000000334330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffbd4eb70fd4aca2021-12-21 10:22:01.700root 11241100x8000000000000000334331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb58c6feb6a6a9ab2021-12-21 10:22:01.700root 11241100x8000000000000000334332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9eb11d0447b8ed92021-12-21 10:22:01.700root 11241100x8000000000000000334333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78f19a254fc85152021-12-21 10:22:02.193root 11241100x8000000000000000334334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed3ff352050a1e72021-12-21 10:22:02.193root 11241100x8000000000000000334335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38af0936e41f38b22021-12-21 10:22:02.193root 11241100x8000000000000000334336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95685e343fa60ed62021-12-21 10:22:02.193root 11241100x8000000000000000334337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30e20ad3ce2a1352021-12-21 10:22:02.193root 11241100x8000000000000000334338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2593e606928b93bc2021-12-21 10:22:02.194root 11241100x8000000000000000334339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d3e58c8493fa4d2021-12-21 10:22:02.194root 11241100x8000000000000000334340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbe1f5c60507ab72021-12-21 10:22:02.194root 11241100x8000000000000000334341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddc9a82830aadf82021-12-21 10:22:02.194root 11241100x8000000000000000334342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb773f0e02cace72021-12-21 10:22:02.194root 11241100x8000000000000000334343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c02b4e0c21a8382021-12-21 10:22:02.194root 11241100x8000000000000000334344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d50f7c67c4fd902021-12-21 10:22:02.194root 11241100x8000000000000000334345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbeccf49bda78c62021-12-21 10:22:02.194root 11241100x8000000000000000334346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc74cacfa4f2c0542021-12-21 10:22:02.194root 11241100x8000000000000000334347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63815c999df5fcbe2021-12-21 10:22:02.195root 11241100x8000000000000000334348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c71258204cc61b2021-12-21 10:22:02.195root 11241100x8000000000000000334349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc5de8364fa66c62021-12-21 10:22:02.195root 11241100x8000000000000000334350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf6272c666fd9972021-12-21 10:22:02.195root 11241100x8000000000000000334351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70eeacbb35b22db12021-12-21 10:22:02.195root 11241100x8000000000000000334352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733f296ce228961d2021-12-21 10:22:02.196root 11241100x8000000000000000334353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7695198465e5da882021-12-21 10:22:02.196root 11241100x8000000000000000334354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d722a18063a2c4b2021-12-21 10:22:02.196root 11241100x8000000000000000334355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2328a291d7ef89052021-12-21 10:22:02.196root 11241100x8000000000000000334356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7616c103a6d09b2021-12-21 10:22:02.196root 11241100x8000000000000000334357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e218f19d410172fd2021-12-21 10:22:02.196root 11241100x8000000000000000334358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53774c5248e9cac72021-12-21 10:22:02.196root 11241100x8000000000000000334359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847f1b5538a2a66c2021-12-21 10:22:02.196root 11241100x8000000000000000334360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee64ab46fd958c82021-12-21 10:22:02.196root 11241100x8000000000000000334361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48843b21b2ce4a1f2021-12-21 10:22:02.196root 11241100x8000000000000000334362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162902640e0bd67d2021-12-21 10:22:02.196root 11241100x8000000000000000334363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265d01a66f49bd142021-12-21 10:22:02.196root 11241100x8000000000000000334364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90925c6a9c0fd14b2021-12-21 10:22:02.196root 11241100x8000000000000000334365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ab46b74dc7d2952021-12-21 10:22:02.196root 11241100x8000000000000000334366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3b6aea993f4a342021-12-21 10:22:02.197root 11241100x8000000000000000334367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c666aec375caff2021-12-21 10:22:02.197root 11241100x8000000000000000334368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c3c7b8228365fb2021-12-21 10:22:02.197root 11241100x8000000000000000334369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecd81fafbc2d71f2021-12-21 10:22:02.197root 11241100x8000000000000000334370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7b490bb82007392021-12-21 10:22:02.197root 11241100x8000000000000000334371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf8f2a1c2ffb5af2021-12-21 10:22:02.197root 11241100x8000000000000000334372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73f5ff11fb408ee2021-12-21 10:22:02.197root 11241100x8000000000000000334373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b296c178621179902021-12-21 10:22:02.197root 11241100x8000000000000000334374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80007c0631ded582021-12-21 10:22:02.197root 11241100x8000000000000000334375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05d5e248ef98e312021-12-21 10:22:02.197root 11241100x8000000000000000334376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1494110a22c6fd752021-12-21 10:22:02.197root 11241100x8000000000000000334377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd6840c128103682021-12-21 10:22:02.197root 11241100x8000000000000000334378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c778de093b18b92021-12-21 10:22:02.198root 11241100x8000000000000000334379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0db7ba10d65b5e72021-12-21 10:22:02.198root 11241100x8000000000000000334380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862de18b78139e392021-12-21 10:22:02.198root 11241100x8000000000000000334381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef1dff1dbeea05c2021-12-21 10:22:02.198root 11241100x8000000000000000334382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65eecefed1be7632021-12-21 10:22:02.198root 11241100x8000000000000000334383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c25a4c3289cc0942021-12-21 10:22:02.198root 11241100x8000000000000000334384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.accb1c2416e0c2642021-12-21 10:22:02.198root 11241100x8000000000000000334385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96a6be38c0741842021-12-21 10:22:02.198root 11241100x8000000000000000334386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc7bbf93cb9cf1b2021-12-21 10:22:02.198root 11241100x8000000000000000334387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575629d81da4b2ef2021-12-21 10:22:02.693root 11241100x8000000000000000334388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce981425c9a2f6c02021-12-21 10:22:02.693root 11241100x8000000000000000334389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cae3aec4b1928f2021-12-21 10:22:02.694root 11241100x8000000000000000334390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cad9d5fdc245f042021-12-21 10:22:02.694root 11241100x8000000000000000334391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22a54399303e82b2021-12-21 10:22:02.694root 11241100x8000000000000000334392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bfdfabd5e7d2e22021-12-21 10:22:02.694root 11241100x8000000000000000334393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def7623da34d8c3c2021-12-21 10:22:02.694root 11241100x8000000000000000334394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6476044828ac1ae2021-12-21 10:22:02.695root 11241100x8000000000000000334395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec46cbb950b50ee42021-12-21 10:22:02.695root 11241100x8000000000000000334396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eef730d3e9dbbc52021-12-21 10:22:02.695root 11241100x8000000000000000334397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f2495c4a73b07b2021-12-21 10:22:02.695root 11241100x8000000000000000334398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7104395aababcd2021-12-21 10:22:02.695root 11241100x8000000000000000334399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39388888a172b9a2021-12-21 10:22:02.695root 11241100x8000000000000000334400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd49724ce5c4d2d2021-12-21 10:22:02.695root 11241100x8000000000000000334401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-